Certified Internal Auditor (CIA) Part 3: Business Knowledge for Internal Auditing — Question 40

Which of the following is a systems software control?

Answer options

• A. Restricting server room access to specific individuals.
• B. Housing servers with sensitive software away from environmental hazards.
• C. Ensuring that all user requirements are documented.
• D. Performing of intrusion testing on a regular basis.

Correct answer: D

Explanation

The correct answer is D, as performing intrusion testing is essential for identifying vulnerabilities in systems software. Options A and B focus on physical security measures, while C pertains to documentation rather than direct software controls.