Certified in Risk and Information Systems Control (CRISC) — Question 247

Which of the following is the BEST way to validate the results of a vulnerability assessment?

Answer options

• A. Perform a penetration test
• B. Perform a root cause analysis
• C. Conduct a threat analysis
• D. Review security logs

Correct answer: A

Explanation

Performing a penetration test is the best way to validate vulnerability assessment results because it actively exploits identified vulnerabilities to confirm their existence. The other options, such as root cause analysis, threat analysis, and reviewing security logs, do not directly test the vulnerabilities but rather analyze or review data without active validation.