ISC2 CISSP Exam - Topic 4 Question 31 Discussion

Actual exam question for ISC2's CISSP exam

Question #: 31
Topic #: 4

What requirement MUST be met during internal security audits to ensure that all information provided is expressed as an objective assessment without risk of retaliation?

AThe auditor must be independent and report directly to the management.

BThe auditor must utilize automated tools to back their findings.

CThe auditor must work closely with both the information Technology (IT) and security sections of an organization.

DThe auditor must perform manual reviews of systems and processes.

Show Suggested Answer

Suggested Answer: A

by Shawnda at May 06, 2022, 04:49 PM

Limited Time Offer

25%

Off

Get Premium CISSP Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Holley

4 months ago

Wait, can auditors really report directly to management without issues?

upvoted 0 times

...

Lavelle

4 months ago

Close collaboration with IT is important too!

upvoted 0 times

...

Martha

4 months ago

Really? I thought automated tools were more reliable.

upvoted 0 times

...

Lang

4 months ago

Totally agree, independence is key!

upvoted 0 times

...

Shawn

5 months ago

The auditor must be independent to avoid bias.

upvoted 0 times

...

Elvis

5 months ago

I’m not sure about the manual reviews part; it seems like it could be important, but I don’t recall it being the main requirement for objectivity.

upvoted 0 times

...

Ming

5 months ago

I feel like using automated tools could help, but it doesn’t really address the risk of retaliation directly.

upvoted 0 times

...

Glenna

5 months ago

I remember a practice question about the importance of independence in audits, so I’m leaning towards option A.

upvoted 0 times

...

Douglass

5 months ago

I think the auditor needs to be independent to avoid any bias, but I'm not entirely sure if that means they have to report directly to management.

upvoted 0 times

...

Meghan

5 months ago

Hmm, I'm a bit unsure about the differences between these YANG data models. I'll need to re-read the question details and think through the configuration requirements.

upvoted 0 times

...

Merrilee

5 months ago

I'm confident I know the right answer here. SAML 2.0 is all about secure authentication, so enabling it for all users is a best practice.

upvoted 0 times

...