10.Question 10What information is typically communicated to stakeholders after completion of an internal security audit? Select three answers.1 pointQuestions about specific controlsA summary of the scopeResults and recommendationsA list of existing risks

A security professional is asked to communicate the results of an internal security audit to stakeholders. What should be included in that communication? Select three answers.1 pointA list of risks and compliance requirements that need to be addressedA summary of the audit's scope and goalsA recommendation about how to improve the organization’s security postureA list of questions for stakeholders to answer

Fill in the blank: In an internal security audit, _____ involves identifying potential threats, risks, and vulnerabilities in order to decide what security measures should be implemented.1 pointconducting a risk assessmentestablishing the scope and goalscommunicating to stakeholdersassessing compliance

Fill in the blank: In an internal security audit, _____ refers to identifying people, assets, policies, procedures, and technologies that might impact an organization’s security posture.1 pointscopecompleting a controls assessmentimplementing administrative controlsgoals

What are some of the primary objectives of an internal security audit? Select three answers.1 pointImprove security postureDevelop a guiding security statement for the businessHelp security teams identify organizational riskAvoid fines due to a lack of compliance

A security analyst performs an internal security audit. They review their company’s existing assets, then evaluate potential risks to those assets. Which aspect of a security audit does this scenario describe?1 pointAssessing complianceCommunicating resultsCompleting a controls assessmentEstablishing the scope and goals