Certified Information Systems Auditor (CISA) — Question 1432

Which of the following is the GREATEST risk associated with conducting penetration testing on a business-critical application production environment?

Answer options

• A. Results may differ from those obtained in the test environment.
• B. Data integrity may become compromised.
• C. System owners may not be informed in advance.
• D. This type of testing may not adhere to audit standards.

Correct answer: B

Explanation

The correct answer is B because penetration testing can inadvertently alter or compromise data in a live production environment, which could have severe repercussions. Options A, C, and D, while valid concerns, do not present the same level of immediate risk to the organization as the possibility of data integrity being compromised.