Certified Information Systems Auditor (CISA) — Question 1422

Which of the following would be of MOST concern during an audit of an end-user computing (EUC) system containing sensitive information?

Answer options

• A. Audit logging is not available.
• B. System data is not protected.
• C. The system's anti-virus software is outdated.
• D. Service level agreements (SLAs) are undefined.

Correct answer: B

Explanation

The correct answer is B because unprotected system data poses the highest risk of exposure or breach of sensitive information. While audit logging, anti-virus status, and SLAs are important, they are secondary compared to the immediate risk of data being unprotected.