Certified Information Systems Auditor (CISA) — Question 24
A legacy application is running on an operating system that is no longer supported by the vendor. If the organization continues to use the current application, which of the following should be the IS auditor's GREATEST concern?
Answer options
- A. Potential exploitation of zero-day vulnerabilities in the system
- B. Inability to update the legacy application database
- C. Increased cost of maintaining the system
- D. Inability to use the operating system due to potential license issues
Correct answer: A
Explanation
The greatest concern is the potential exploitation of zero-day vulnerabilities, because attackers can target them once the vendor no longer provides updates or security patches. While the inability to update the database, increased maintenance costs, and licensing issues are valid concerns, they do not pose the immediate security threat that unpatched vulnerabilities in an unsupported system do.