CompTIA Security+ Question D-75

The system administrator has deployed updated security controls for the network to limit risk of attack. The security manager is concerned that controls continue to function as intended to maintain appropriate security posture.
Which of the following risk mitigation strategies is MOST important to the security manager?

A. User permissions
B. Policy enforcement
C. Routine audits
D. Change management

Answer: C

After you have implemented security controls based on risk, you must perform routine audits. These audits should include reviews of user rights and permissions as well as specific events. You should pay particular attention to false positives and negatives.