nerdexam
EC-Council

512-50 · Question #297

512-50 Question #297: Real Exam Question with Answer & Explanation

The correct answer is C. Report the audit findings and remediation status to business stake holders. See the full explanation below for the reasoning.

Question

SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified. The CISO has validated audit findings, determined if compensating controls exist, and started initial remediation planning. Which of the following is the MOST logical next step?

Options

  • AValidate the effectiveness of current controls
  • BCreate detailed remediation funding and staffing plans
  • CReport the audit findings and remediation status to business stake holders
  • DReview security procedures to determine if they need modified according to findings

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 512-50 Practice