SY0-701 - Security Program Management and Oversight - Section 5.5
Explain types and purposes of audits and assessments.
Distinguish internal audits from external audits and regulatory examinations, and explain how attestation formalises a responsible party's assertion that controls are operating effectively. Compare penetration testing and compliance assessments in terms of their objectives, recognising that penetration testing identifies exploitable weaknesses while a compliance assessment measures alignment with a specific standard or regulatory requirement.
internal vs external audit, attestation, penetration testing, compliance assessment, regulatory examination
Examworthy is not affiliated with or endorsed by CompTIA. Original, blueprint-aligned practice material only.