Certified in Risk and Information Systems Control (CRISC) — Question 743
Which of the following is the BEST way to validate whether controls to reduce user device vulnerabilities have been implemented according to management's action plan?
Answer options
- A. Survey device owners.
- B. Review awareness training assessment results.
- C. Re-scan the user environment.
- D. Require annual end user policy acceptance.
Correct answer: C
Explanation
Re-scanning the user environment is the most reliable method to verify that the controls are effectively implemented, as it provides direct evidence of the current security posture. Surveys and training assessments may not accurately reflect the actual state of the devices, and requiring policy acceptance does not ensure that the controls are in place.