Certified Information Systems Auditor (CISA) — Question 1416

From an IS auditor's perspective, which of the following would be the GREATEST risk associated with an incomplete inventory of deployed software in an organization?

Answer options

• A. Inability to determine the cost of deployed software
• B. Inability to close unused ports on critical servers
• C. Inability to identify unused licenses within the organization
• D. Inability to deploy updated security patches

Correct answer: D

Explanation

The correct answer, D, highlights that without a complete inventory, organizations may miss critical updates, exposing them to vulnerabilities. Options A, B, and C represent significant concerns but do not directly relate to the immediate risk of failing to secure systems against threats due to outdated software.