KT-CG Audit readiness

Auditors request proof of privileged access reviews; team has screenshots but no tickets. Gap?

Multiple choice — select one answer

Answer choices

  1. a. Audits should not cover identity governance in technology companies, without security or identity team coordination per policy.
  2. b. Lack of traceable workflow and evidence tying reviews to remediation actions
  3. c. Screenshots are always sufficient if stored on a shared drive, without security or identity team coordination per policy.
  4. d. Privileged access reviews are optional under all frameworks, without security or identity team coordination per policy.

Architectural breakdown & explanation

Audit evidence needs systems of record, not informal images alone.

Correct answer(s): b. Lack of traceable workflow and evidence tying reviews to remediation actions

Exam domain: Audit readiness (20% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the KeyTrain's Key Training — Compliance & Governance bank. Run a full timed practice exam with domain-weighted random questions in your browser.