CISSP-ISSMP · Question #119

CISSP-ISSMP Question #119: Real Exam Question with Answer & Explanation

The correct answer is B: Auditor.

Security Audit Management

Question

Which of the following persons is responsible for testing and verifying whether the security policy is properly implemented, and the derived security solutions are adequate or not?

Options

  • A. Data custodian
  • B. Auditor
  • C. User
  • D. Data owner

Explanation

An auditor is responsible for testing and verifying whether the security policy is properly implemented and whether the derived security solutions are adequate. It is the auditor's responsibility to generate the compliance and effectiveness reports, which are reviewed by senior management.

Answer option A is incorrect. The data custodian is responsible for implementing the prescribed protection defined by the security policy and upper management.

Answer option D is incorrect. The data owner is responsible for classifying information for placement and protection within the security solution.

Answer option C is incorrect. The user can be any person who has access to the secured system.

Topics

#Auditing #Security Roles and Responsibilities #Policy Compliance #Verification
