Free Isaca Cybersecurity Audit Certificate Actual Exam Questions - Question 5 Discussion

C. Standards are usually the mandatory rules that ensure policy compliance, not just a recommended minimum. Baselines set minimum security levels but standards make them enforceable.

Option A defines the minimum level you can’t go below, so fits better.

A. Baselines sound right too since they set the minimum level you must meet before anything else. Standards often add more detail, but baselines define the lowest acceptable point.

Maybe C because standards usually set the specific mandatory rules you have to meet, not just general minimums or guidelines. Baselines are more like starting points, but standards are stricter.

Option A also fits since baselines represent the minimum security level required.

It’s C because standards are usually mandatory requirements, unlike guidelines which are just suggestions. Baselines set minimums too, but standards typically define the actual rules.

I think B makes the most sense since SECaaS lets companies access up-to-date tech against new threats without managing it all themselves.