Certified Information Systems Security Professional (CISSP) — Question 144

Which process compares its results against a standard to determine whether the results meet the standard?

Answer options

• A. Penetration test
• B. Security audit
• C. Security assessment
• D. Functional review

Correct answer: B

Explanation

A Security audit is designed to assess and compare the security posture of an organization against established standards. A penetration test focuses on identifying vulnerabilities, a security assessment evaluates the overall security without strict benchmarks, and a functional review assesses operational effectiveness rather than compliance against a standard.