Exam CISM topic 1 question 945 discussion

Enforcing technical security standards ensures that the server is configured and maintained according to best practices and security guidelines. These standards typically cover various aspects of server security, such as hardening, patch management, access controls, and monitoring. By adhering to these standards, organizations can systematically address security risks and vulnerabilities, leading to a more secure server environment.

Enforcing technical security standards as in the form of baseline configurations. Similar question exists in this question pool - they are just worded differently.

Option A is just to wear the armor, to "ensure" it is secured, you will need to use a spear (Option D) to "test" it. my 2 cents.

B. Performing secure code reviews

Option A only focuses on technical controls but a pen test will test other forms of controls, like physical controls.

Have to argue that pen test is the answer here. Ensure means to make certain. Only option to ensure you are secure is to have a third party try to break into the server. Keep in mind physical security along with technical.

B to D are doing investigative or identifying threats only A is implementing control

ensure vs assure so going with A

You can not do a penn test everytime a new server is brought up

A. Enforcing technical security standards

All of the options mentioned can contribute to ensuring that a new server is appropriately secured. However, if I had to choose the most effective option, I would go with option D, conducting penetration testing. Penetration testing involves simulating real-world attacks on the server to identify vulnerabilities and weaknesses in the system. This allows for a comprehensive evaluation of the server's security posture and helps identify potential entry points for unauthorized access. By performing penetration testing, any security vulnerabilities can be identified and addressed before they can be exploited by malicious actors.

D. Conducting penetration testing