I think C. There's a question in the QAE similar to this. I forgot what specific number. But the explanation says that penetration test reflects real-life attack that's why it's a better test to determine whether controls in place are effective.
It is either B or D. The problem word is "appropriate". Audit says they have controls according to the audit criteria. Risk assessment says the following situations need to be addressed and includes evaluating the existing controls.
Correction, reason:
During an information system audit, auditors review and test the effectiveness of IT controls to ensure they are operating as intended and that they are adequate to manage the risks faced by the organization. This enables auditors to identify weaknesses in IT controls and provide recommendations to address any deficiencies.
In contrast, an IT risk assessment may not provide the same level of detail or depth as an information system audit. IT risk assessments may only focus on high-level risks and may not provide a comprehensive assessment of an organization's IT controls.
To ensure a newly acquired company has appropriate IT controls in place, the MOST reliable information would be obtained through a comprehensive IT security assessment or audit.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
jennarink13
1 month agoCbtL
2 months, 2 weeks agoKoulyo
3 months, 1 week agojohn_boogieman
4 months, 2 weeks agojohn_boogieman
4 months, 3 weeks agoSuchib
6 months, 2 weeks agojohnwalters
9 months ago