PrepAway - Latest Free Exam Questions & Answers

Which of the following is the MOST important activity t…

In order to maintain oversight of a third-party service provider, the company is going to implement a
Governance, Risk, and Compliance (GRC) system. This system is promising to provide overall security posture
coverage. Which of the following is the MOST important activity that should be considered?

A. Continuous security monitoring

B. Baseline configuration and host hardening

C. Service Level Agreement (SLA) monitoring

D. Security alerting and trending

Explanation:
The company is investing in a Governance, Risk, and Compliance (GRC) system to provide overall security
posture coverage. This is great for testing the security posture. However, to be effective and ensure the
company always has a good security posture, you need to monitor the security continuously.

Once a baseline security configuration is documented, it is critical to monitor it to see that this baseline is
maintained or exceeded. A popular phrase among personal trainers is “that which gets measured gets
improved.” Well, in network security, “that which gets monitored gets secure.”

Continuous monitoring means exactly that: ongoing monitoring. This may involve regular measurements of
network traffic levels, routine evaluations for regulatory compliance, and checks of network security device
configurations.

