CISSP ALL-IN-ONE EXAM GUIDE PART 6
QUESTIONS AND ANSWERS WITH
COMPLETE SOLUTIONS 100%
CORRECT RATED A+
Question 1
Internal audits are the preferred approach when which of the following is true?
A. The organization lacks the organic expertise to conduct them.
B. Regulatory requirements dictate the use of a third-party auditor.
C. The budget for security testing is limited or nonexistent.
D. There is concern over the spillage of proprietary or confidential information.
ANSWER: C. The budget for security testing is limited or nonexistent. ✔✔
Explanation: Third-party auditors are almost always fairly expensive. If an
organization's budget does not support their use, it may be necessary to rely on
internal assets to conduct the audit.
Question 2
All of the following are steps in the security audit process EXCEPT:
A. Document the results.
B. Convene a management review.
C. Involve the right business unit leaders.
D. Determine the scope.
ANSWER: B. Convene a management review. ✔✔
Explanation: The management review is not a functional step within the audit itself.
Instead, a management review typically takes place after the fact, using the
finalized results of one or more audits to make strategic business decisions.
Question 3
Which of the following is a distinct advantage of utilizing third-party auditors?
A. They may have knowledge that an organization wouldn't otherwise be able to
leverage.
B. Their overall cost.
C. The requirement for NDAs and continuous supervision.
D. Their heavy reliance on automated scanners and reports.
ANSWER: A. They may have knowledge that an organization wouldn't otherwise
be able to leverage. ✔✔
Explanation: Because third-party auditors perform assessments across multiple
different organizations, their knowledge and skills are constantly refreshed. They
routinely bring external insights, specialized expertise, and industry benchmarks
that would otherwise be unavailable to internal teams.
Question 4
Choose the term that describes an audit performed to demonstrate that an
organization is complying with its contractual obligations to another organization.
A. Internal audit
B. Third-party audit
C. External audit
D. Compliance audit