Certified Information Systems Security Professional (CISSP) — Question 112
Which audit type is MOST appropriate for evaluating the effectiveness of a security program?
Answer options
- A. Analysis
- B. Threat
- C. Assessment
- D. Validation
Correct answer: C
Explanation
The correct answer is C, Assessment, as it involves a thorough evaluation of the security program's effectiveness. Options A, B, and D do not specifically focus on evaluating the overall performance of a security program, making them less appropriate for this purpose.