nerdexam
EC-Council

312-50V11 · Question #263

Which of the following processes evaluates the adherence of an organization to its stated security policy?

The correct answer is D. Security auditing. Security auditing is the formal process of evaluating whether an organization's practices and controls comply with its own defined security policies and standards.

Information Security and Ethical Hacking Fundamentals

Question

Which of the following processes evaluates the adherence of an organization to its stated security policy?

Options

  • AVulnerability assessment
  • BPenetration testing
  • CRisk assessment
  • DSecurity auditing

How the community answered

(36 responses)
  • A
    3% (1)
  • C
    3% (1)
  • D
    94% (34)

Why each option

Security auditing is the formal process of evaluating whether an organization's practices and controls comply with its own defined security policies and standards.

AVulnerability assessment

A vulnerability assessment identifies technical weaknesses in systems and infrastructure but does not measure adherence to organizational security policy.

BPenetration testing

Penetration testing simulates adversarial attacks to identify and exploit vulnerabilities, not to evaluate compliance with internal security policies.

CRisk assessment

A risk assessment identifies, analyzes, and prioritizes potential threats and their business impact, rather than evaluating whether stated policies are being followed.

DSecurity auditingCorrect

A security audit systematically examines an organization's security controls, configurations, and operational procedures against its stated policies, regulations, or standards to determine conformance or non-conformance. Unlike vulnerability assessments or penetration tests, the primary focus of an audit is measuring policy adherence rather than discovering exploitable weaknesses. Audit results produce documented evidence of compliance status and identify gaps between policy requirements and actual practice.

Concept tested: Security auditing definition and purpose

Source: https://csrc.nist.gov/publications/detail/sp/800-53a/rev-5/final

Topics

#security auditing#compliance#security policy#assessment types

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice