ExamTopics Logo
Mail Us[email protected]
Menu
Isc Discussions
exam questions

Exam CISSP All Questions

View all questions & answers for the CISSP exam
Go to Exam

Exam CISSP topic 1 question 357 discussion

Actual exam question from ISC's CISSP
Question #: 357
Topic #: 1
[All CISSP Questions]

An organization's internal audit team performed a security audit on the company's system and reported that the manufacturing application is rarely updated along with other issues categorized as minor. Six months later, an external audit team reviewed the same system with the same scope, but identified severe weaknesses in the manufacturing application's security controls. What is MOST likely to be the root cause of the internal audit team's failure in detecting these security issues?

  • A. Inadequate security patch testing
  • B. Inadequate test coverage analysis
  • C. Inadequate log reviews
  • D. Inadequate change control procedures
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by krassko at Oct. 16, 2022, 9:19 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
klarak
4 months ago
Hate the wording of the question. I think they're looking for A. I'd argue what they're looking for is the "First" thing you should consider. It's arguable what the "most important" thing is, since the most important thing changes based on what stage you are in the assessment process.
upvoted 1 times
klarak
4 months ago
Sorry - replied to the wrong question.
upvoted 1 times
...
...
JohnyDal
1 year, 7 months ago
Selected Answer: B
"Same scope" means the denominator of the test coverage formula "the number of use cases available" was same for both internal and external auditors. But internal auditors screwed up in the numerator and didnt do adequate number of use cases tested. External auditors did better due care and had more number of use cases tested from the same scope and identified more and severe.
upvoted 1 times
jackdryan
1 year, 3 months ago
B is correct
upvoted 1 times
...
...
[Removed]
1 year, 10 months ago
A in my opinion, the baseline that was established previously is no longer secure, as new vulnerabilities have been discovered with this new assessment (weaknesses to me = vulnerability). Likely rested easy after doing their assessment, and didn't continue to review the relevance of the baseline. Shows the importance of frequent vulnerability assessments. They event reported in their initial assessment "that the manufacturing application is rarely updated".
upvoted 1 times
Hackermayne
4 months, 1 week ago
B, because it references controls and not the system itself. I can see how you would assume patching at first glance though, but there's a reason it specifically isn't an option.
upvoted 1 times
...
...
WiDeBarulho
1 year, 10 months ago
Selected Answer: B
B is correct. The fact that it's the same scope actually tells you that the internal team didn't do a proper analysis of what they did/didn't cover on their internal tests.
upvoted 3 times
...
Nickname53796
1 year, 10 months ago
Selected Answer: B
Not A, Not C Maybe B - internal team didn’t do as much as they should have. Maybe D - no change control means no updates
upvoted 3 times
...
krassko
1 year, 10 months ago
Selected Answer: D
Can't be B as the question says: " the same scope"
upvoted 3 times
oudmaster
1 year, 8 months ago
same scope yes, but external team are usually more experienced and capable to find more security weaknesses in the systems.
upvoted 1 times
SaintDaSinner
1 year, 7 months ago
Respectfully, "more experience" is an assumption... IF they performed under the stated scope the only change-agent would be weaknesses in the area of a non-static environment change controls.
upvoted 3 times
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago