Certified Information Systems Auditor (CISA) — Question 1019

Which of the following is the MOST important consideration when establishing vulnerability scanning on critical IT infrastructure?

Answer options

• A. The scanning will be cost-effective.
• B. The scanning will be performed during non-peak hours.
• C. The scanning will be followed by penetration testing.
• D. The scanning will not degrade system performance.

Correct answer: D

Explanation

The primary concern in vulnerability scanning for critical IT infrastructure is ensuring that system performance remains stable during the process, which makes option D the correct choice. While cost-effectiveness, timing, and follow-up testing are important, they do not outweigh the necessity of maintaining system performance, especially in critical environments.