Which of the following is NOT a common type of security audit?
2024
Which of the following is NOT a common type of security audit?
- A.
Vulnerability assessment
- B.
Penetration testing
- C.
Data encryption
- D.
Security compliance audit
Show answer & explanation
Correct answer: C
Answer: Data encryption — This is the correct choice.
Explanation: Data encryption is a security control used to protect information by encoding it so only authorized parties can read it. It is a protective measure, not an audit process.
Vulnerability assessment: An audit activity that scans systems to identify and prioritize vulnerabilities for remediation.
Penetration testing: A simulated attack performed by security professionals to test defenses and uncover exploitable weaknesses.
Security compliance audit: An audit that checks whether an organization complies with specific regulations, standards, or internal policies.
Tip: Audits evaluate, test, or verify security posture and compliance; encryption is a control applied to protect data rather than an audit activity.