CISA Certified Information Systems Auditor – Question 1612

Which of the following penetration tests would MOST effectively evaluate incident handling and response capabilities of an organization?

A. Targeted testing
B. External testing
C. Internal testing
D. Double-blind testing

Correct Answer: D

Explanation:

In a double-blind test, the administrator and security staff are not aware of the test, so it assesses how the organization actually handles and responds to an incident. In targeted, external, and internal testing, the system administrator and security staff are aware of the tests because they are informed before the tests start.