Which of the following is an IS auditor's GREATEST concern when an organization does not regularly update software on individual workstations in the internal environment?
A.
The organization may not be in compliance with licensing agreements.
B.
System functionality may not meet business requirements.
C.
The system may have version control issues.
D.
The organization may be more susceptible to cyber-attacks.
Unpatched software is a major vulnerability because cyber attackers are constantly looking to exploit known weaknesses in software. By not updating software regularly, the organization leaves its systems exposed to these vulnerabilities, increasing the risk of a cyber attack.
CISA prioritizes controls that mitigate security risks. In this case, keeping software updated is a critical security control to prevent cyberattacks. Answer according to CISA guide
option is d although the they are individual computers in the internal environment, as they still form a part o f network.
upvoted 1 times
...
This section is not available anymore. Please use the main Exam Page.CISA Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
5b56aae
8 months, 2 weeks agoTef_corp
9 months agoDeeplaxmi
2 years, 3 months ago