Certified Information Systems Auditor (CISA) — Question 404

What is MOST important to verify during an external assessment of network vulnerability?

Answer options

• A. Regular review of the network security policy
• B. Location of intrusion detection systems (IDS)
• C. Update of security information event management (SIEM) rules
• D. Completeness of network asset inventory

Correct answer: D

Explanation

The completeness of the network asset inventory is essential because it ensures that all assets are accounted for and assessed for vulnerabilities. Without a complete inventory, critical vulnerabilities may be overlooked. The other options, while important for security, do not directly address the necessity of identifying all network assets during a vulnerability assessment.