
CISSP Question #700: Real Exam Question with Answer & Explanation

The correct answer is A: To ensure the organization's controls and policies are working as intended.

Submitted by omar99 · Mar 5, 2026 · Domain: Security Assessment and Testing

Question

What is the PRIMARY purpose of auditing, as it relates to the security review cycle?

Options

  • A. To ensure the organization's controls and policies are working as intended
  • B. To ensure the organization can still be publicly traded
  • C. To ensure the organization's executive team won't be sued
  • D. To ensure the organization meets contractual requirements

Explanation

Auditing in the security review cycle primarily validates that an organization's security controls and policies are functioning as designed and intended.

Common mistakes.

  • B. While public companies may be subject to audits for regulatory compliance (e.g., SOX), maintaining stock exchange listing eligibility is a secondary business outcome, not the primary security purpose of auditing.
  • C. Protecting executives from litigation is a potential ancillary benefit of good governance, but it is not the primary security-focused objective of the audit process within a security review cycle.
  • D. Meeting contractual requirements (e.g., SLAs or third-party agreements) may be one driver for conducting an audit, but it is a specific use case rather than the overarching primary purpose of auditing in the security review cycle.

Concept tested. Purpose of security auditing in review cycles

Reference. https://www.nist.gov/system/files/documents/2017/03/08/audit-and-accountability-discussion-march-2017.pdf

Topics

#security-auditing #control-effectiveness #compliance-monitoring
