Exam CISSP topic 1 question 467 discussion

Actual exam question from ISC's CISSP
Question #: 467
Topic #: 1

An organization is the victim of a major data breach just one month after passing an external cyber security audit. Which of the following is the likely reason for this situation?

  • A. Both the auditor and the organization validated the controls to be accurate.
  • B. The organization had the minimum level of controls in place to pass the audit.
  • C. The auditor performed an in-depth analysis of the required controls.
  • D. The audit was initiated by appropriate levels of management in the organization.
Suggested Answer: B

Comments

a_kto_to
3 months ago
Selected Answer: B
B. The organization had the minimum level of controls in place to pass the audit.

Explanation: The scenario reflects the "compliance illusion" highlighted in the search results. Organizations often implement the bare minimum controls to satisfy audit checklists (e.g., PCI DSS, ISO 27001) without addressing real-world security gaps. For example:

  • A company might encrypt cardholder data (to pass PCI DSS) but fail to secure APIs or third-party integrations, leaving attack surfaces exposed.
  • Auditors may validate documented controls (e.g., firewall configurations) but not test for emerging threats like zero-day exploits or social engineering.

Why Other Options Are Incorrect:

  • A. Validated controls: Even if controls are "accurate," they may lack depth (e.g., outdated encryption standards).
  • C. In-depth analysis: Most audits focus on compliance, not adversarial testing (e.g., penetration tests).
  • D. Management-initiated audits: Leadership buy-in doesn’t guarantee robust controls; audits often prioritize compliance over security.
upvoted 1 times
BestCommentorNA
9 months, 2 weeks ago
Selected Answer: B
B. Final Answer.
upvoted 2 times
jackdryan
1 year, 3 months ago
B is correct
upvoted 3 times