Certified Information Systems Auditor (CISA) — Question 119
An IS auditor reviewing an information processing environment decides to conduct external penetration testing. Which of the following is MOST appropriate to include in the audit scope for the organization to distinguish between the auditor's penetration attacks and actual attacks?
Answer options
- A. Restricted host IP addresses of simulated attacks
- B. Testing techniques of simulated attacks
- C. Source IP addresses of simulated attacks
- D. Timing of simulated attacks
Correct answer: C
Explanation
Including the source IP addresses of simulated attacks is crucial because it allows the organization to tell which attacks are conducted by the auditor and which are genuine attacks. The other options, while relevant to the testing process, do not provide a clear distinction between auditor activities and actual attacks.