Certified Information Systems Auditor (CISA) — Question 106
Which of the following should an IS auditor expect to see in a network vulnerability assessment?
Answer options
- A. Security design flaws
- B. Misconfiguration and missing updates
- C. Zero-day vulnerabilities
- D. Malicious software and spyware
Correct answer: B
Explanation
The correct answer is B because a network vulnerability assessment primarily identifies exploitable issues such as misconfigurations and outdated software with missing updates. Security design flaws (A), zero-day vulnerabilities (C), and malicious software and spyware (D) may be relevant, but they are not the main focus of a vulnerability assessment.