Certified in Risk and Information Systems Control (CRISC) — Question 791

Which of the following is the BEST way to determine whether system settings are in alignment with control baselines?

Answer options

• A. Internal audit review
• B. Control attestation
• C. Penetration testing
• D. Configuration validation

Correct answer: D

Explanation

Configuration validation is the best option because it directly examines the system settings against the control baselines to ensure compliance. Internal audit review and control attestation do not specifically verify configurations, while penetration testing focuses on finding vulnerabilities rather than confirming alignment with control baselines.