Certified in Risk and Information Systems Control (CRISC) — Question 1214

Which of the following provides the BEST assurance that an organization will be able to defend against cyber attacks?

Answer options

• A. Penetration testing
• B. Preparedness testing
• C. Vulnerability testing
• D. Compliance testing

Correct answer: A

Explanation

Penetration testing simulates real-world attacks to identify vulnerabilities, providing the most reliable assurance of an organization's defense capabilities. While preparedness, vulnerability, and compliance testing are important, they do not simulate actual attacks as effectively as penetration testing, making them less comprehensive in assessing an organization's readiness against cyber attacks.