CISSP Practice Question (Domain 6: Security Assessment and Testing)
A financial institution uses continuous control monitoring to support regulatory examinations. During a supervisory review, regulators challenge whether reported control effectiveness constitutes “reasonable assurance,” given that testing criteria, thresholds, and exception handling are defined by the same team operating the controls. Leadership wants defensible assurance without dismantling automation.
What is the MOST appropriate action to take NEXT?
A. Rotate control owners periodically to reduce familiarity bias
B. Establish independent assurance criteria and validation over monitoring logic
C. Increase sampling depth and testing frequency across automated controls
D. Supplement dashboards with annual external audit attestations
Come back for the answer tomorrow, or study more now!
Vincent Primiani
CISSP Study Group
skool.com/cybersecurity-study-group