Certified Information Systems Auditor (CISA) — Question 1160

Which of the following is the GREATEST concern when applying emergency patches?

Answer options

• A. Temporary administrative permissions may be needed to apply patches.
• B. A change record may not be adequately assessed.
• C. Patch-related risk may not be adequately assessed.
• D. Documented approvals may not be required before applying the emergency patch.

Correct answer: C

Explanation

The primary concern with emergency patches is that the associated risks might not be thoroughly evaluated, leading to potential vulnerabilities or issues. While temporary permissions, change records, and approvals are important, they do not pose as critical a risk as not assessing the patch-related risks themselves.