Which of the following is NOT a common type of security audit?

2024

Which of the following is NOT a common type of security audit?

  1. A.

    Vulnerability assessment

  2. B.

    Penetration testing

  3. C.

    Data encryption

  4. D.

    Security compliance audit

Show answer & explanation

Correct answer: C

Answer: Data encryption — This is the correct choice.

Explanation: Data encryption is a security control used to protect information by encoding it so only authorized parties can read it. It is a protective measure, not an audit process.

  • Vulnerability assessment: An audit activity that scans systems to identify and prioritize vulnerabilities for remediation.

  • Penetration testing: A simulated attack performed by security professionals to test defenses and uncover exploitable weaknesses.

  • Security compliance audit: An audit that checks whether an organization complies with specific regulations, standards, or internal policies.

Tip: Audits evaluate, test, or verify security posture and compliance; encryption is a control applied to protect data rather than an audit activity.

Explore the full course: Iisc Administrative Assistant 2026