nerdexam
(ISC)2

CISSP · Question #475

CISSP Question #475: Real Exam Question with Answer & Explanation

The correct answer is C: Categorize and Identify evidence gathered during the audit. During a security assessment of access controls, the data analysis phase involves examining and making sense of the evidence that has already been collected, which means categorizing and identifying that evidence.

Submitted by viktor_hu · Mar 5, 2026 · Security Assessment and Testing

Question

When conducting a security assessment of access controls, which activity is part of the data analysis phase?

Options

  • A. Collect logs and reports.
  • B. Present solutions to address audit exceptions.
  • C. Categorize and Identify evidence gathered during the audit.
  • D. Conduct statistical sampling of data transactions.

Explanation

During a security assessment of access controls, the data analysis phase involves examining and making sense of the evidence that has already been collected, which means categorizing and identifying that evidence.

Common mistakes.

  • A. Collecting logs and reports is part of the data collection phase, which precedes the data analysis phase, not part of analyzing the data already gathered.
  • B. Presenting solutions to address audit exceptions is part of the reporting or remediation phase, which occurs after analysis is complete and findings have been documented.
  • D. Conducting statistical sampling of data transactions is a data collection technique used to gather representative evidence, not an activity performed during the analysis phase.

Concept tested. Audit phases: data collection vs. data analysis

Reference. https://www.isaca.org/resources/isaca-journal/issues/2016/volume-4/it-audit-in-five-steps

Topics

#security assessment · #access control audit · #data analysis · #audit process
