Exam IIA-CIA-Part3 topic 2 question 92 discussion

My answer is also B. Does anyone agree? please click the like button. For an internal auditor, the most important point to consider with regard to the database version would be option b) Verify whether the database software version is supported by the vendor. While all the options seem relevant, the primary concern for an auditor should be the risk to the organization. If the database software version is not supported by the vendor, it could pose potential security risks and operational challenges. Being unsupported might mean that the software will no longer receive essential updates, including protection against new threats. Option a) is also significant as using the most recent database software version ensures better functionality and security features. However, it is not critical if the existing version is still supported and secure. Option c) and d) are less critical from an auditor's perspective as they don't directly impact the risks.

It's B! Admins please correct

Per Gleim, it's gotta be B. Here's why: Having the most upgraded or most recent software version is not really a concern. If you have the 2011 version of Excel (and not 2020 version) but it works for your organization, then who cares? As far as the information being restricted, that is something that probably should be looked at, but it's all moot if you haven't first verified that the software version you got is actually from the VENDOR. Per Gleim: "the first task an auditor should perform is to detect if the software version is an illegal copy". You could have gotten the "Excel" software from the internet, but you might've gotten an illegal copy that could contain a virus - or it could be a version that doesn't work good. Also, if you have issues and the software version you have is not supported by the vendor, then who the heck do you go to? So you'd first want to make sure that you actually have the version that is supported by the vendor.

How can the answer not be A?