Home » Cisco » 400-251 » What are the two most common methods that security auditors use to assess an organization’s security processes?
What are the two most common methods that security auditors use to assess an organization’s security processes? (Choose two)
A. social engineering attempts
B. interviews
C. policy assessment
D. penetration testing
E. document review
F. Physical observation
Correct Answer: BF
Explanation/Reference:
Explanation:
Check out the section called “Auditing security practices”, namely the block for “Security process review”:
http://www.ciscopress.com/articles/article.asp?p=1606900&seqNum=2