CISSP Question #1051: Real Exam Question with Answer & Explanation
The correct answer is A: Inadequate test coverage analysis.
Question
An organization's internal audit team performed a security audit on the company's system and reported that the manufacturing application is rarely updated along with other issues categorized as minor. Six months later, an external audit team reviewed the same system with the same scope, but identified severe weaknesses in the manufacturing application's security controls. What is MOST likely to be the root cause of the internal audit team's failure in detecting these security issues?
Options
- A. Inadequate test coverage analysis
- B. Inadequate security patch testing
- C. Inadequate log reviews
- D. Inadequate change control procedures
Explanation
The scenario describes a manufacturing application that is rarely updated, yet internal auditors categorized its issues as minor, while an external audit later found severe weaknesses in its security controls. This suggests the internal team did not fully exercise or examine all relevant controls, paths, or configurations in the application (for example, unpatched components, weak access controls, or insecure interfaces), which points to inadequate test coverage analysis rather than a specific patch‑testing or logging problem.