nerdexam
(ISC)2

CISSP · Question #641

What is the PRIMARY objective for conducting an internal security audit?

The correct answer is D. Verify that applicable security controls are implemented and effective.. The primary objective of conducting an internal security audit is to assess whether the security controls in place are not only implemented but also effective in mitigating risks and protecting the organization's assets. The audit process is designed to ensure that the security m

Submitted by luis.pe· Mar 5, 2026Security Assessment and Testing

Question

What is the PRIMARY objective for conducting an internal security audit?

Options

  • AVerify that all systems and Standard Operating Procedures (SOP) are properly documented.
  • BVerify that all personnel supporting a system are knowledgeable of their responsibilities.
  • CVerify that security controls are established following best practices.
  • DVerify that applicable security controls are implemented and effective.

How the community answered

(25 responses)
  • A
    4% (1)
  • B
    12% (3)
  • C
    8% (2)
  • D
    76% (19)

Explanation

The primary objective of conducting an internal security audit is to assess whether the security controls in place are not only implemented but also effective in mitigating risks and protecting the organization's assets. The audit process is designed to ensure that the security measures are functioning as intended and to identify any gaps or weaknesses in the current security posture. An internal security audit helps to ensure that the organization is meeting its security objectives and complying with relevant standards, regulations, and policies.

Topics

#security audit#control effectiveness#internal audit

Community Discussion

No community discussion yet for this question.

Full CISSP Practice