Exam CISSP topic 1 question 262 discussion

Actual exam question from ISC's CISSP
Question #: 262
Topic #: 1

The Chief Executive Officer (CEO) wants to implement an internal audit of the company's information security posture. The CEO wants to avoid any bias in the audit process and therefore has assigned the Sales Director to conduct the audit. After significant interaction over a period of weeks, the audit concludes that the company's policies and procedures are sufficient, robust and well established. The CEO then moves on to engage an external penetration testing company in order to showcase the organization's robust information security stance. This exercise reveals significant failings in several critical security controls and shows that the incident response processes remain undocumented. What is the MOST likely reason for this disparity in the results of the audit and the external penetration test?

  • A. The audit team lacked the technical experience and training to make insightful and objective assessments of the data provided to them.
  • B. The scope of the penetration test exercise and the internal audit were significantly different.
  • C. The external penetration testing company used custom zero-day attacks that could not have been predicted.
  • D. The information technology (IT) and governance teams have failed to disclose relevant information to the internal audit team leading to an incomplete assessment being formulated.
Suggested Answer: A

Comments

Jamati
Highly Voted 2 years ago
Selected Answer: A
A salesman has no business running InfoSec audits.
upvoted 8 times
deeden
3 months, 2 weeks ago
Well, we're short staffed so I asked Bob here to do the audit :)
upvoted 1 times
jackdryan
1 year, 6 months ago
A is correct
upvoted 1 times
79cc092
Most Recent 3 months, 3 weeks ago
Selected Answer: A
Salesman, go back to biz.
upvoted 1 times
79cc092
3 months, 3 weeks ago
Salesman lol!
upvoted 1 times
CCNPWILL
5 months, 3 weeks ago
Selected Answer: A
Answer is A ... Gimme question.
upvoted 1 times
xxxBadManxxx
8 months, 1 week ago
Selected Answer: B
The internal audit, conducted by the Sales Director, likely focused on assessing policies and procedures rather than conducting technical assessments or testing of critical security controls. Conversely, the external penetration test would have involved comprehensive technical testing, including attempts to exploit vulnerabilities and weaknesses in the system. This difference in scope could lead to varying results, with the external penetration test uncovering weaknesses that were not identified by the internal audit.
upvoted 1 times
629f731
10 months, 2 weeks ago
Selected Answer: B
While technical expertise is crucial for certain assessments, the core reason for the disparity, given the context, seems to be the difference in scope and objectives between the internal audit and the external penetration test, making option B (The scope of the penetration test exercise and the internal audit were significantly different) the MOST likely reason.
upvoted 2 times
rajkamal0
1 year, 11 months ago
Selected Answer: A
A is the best answer.
upvoted 3 times
Proctored_Expert
1 year, 11 months ago
Selected Answer: D
D. The information technology (IT) and governance teams have failed to disclose relevant information to the internal audit team leading to an incomplete assessment being formulated.
upvoted 1 times
oudmaster
1 year, 11 months ago
B is not true, because the scope is the same as the PenTest: "Information Security Posture".
upvoted 1 times
Rollizo
2 years, 1 month ago
Selected Answer: B
It could really be that the internal audit focused only on commercial matters.
upvoted 2 times
CuteRabbit168
2 years, 1 month ago
It’s A. The Sales Director was assigned to conduct an information security audit.
upvoted 3 times
Community vote distribution: A (35%), C (25%), B (20%), Other