What should the auditor recommend be done FIRST?

An IS auditor finds that a key Internet-facing system is vulnerable to attack and that patches are not available.

What should the auditor recommend be done FIRST?
A. Implement a new system that can be patched.
B. Implement additional firewalls to protect the system.
C. Decommission the server.
D. Evaluate the associated risk.

Answer: D

Explanation:

The first step in addressing a vulnerability is to evaluate the associated risk, which involves assessing the likelihood and impact of a potential exploit. Based on the risk assessment, the appropriate mitigation strategy can be determined, such as implementing a new system, adding firewalls, or decommissioning the server.

References: ISACA CISA Review Manual 27th Edition, page 280
