Certified Information Systems Auditor (CISA) — Question 601

Which of the following observations would an IS auditor consider the GREATEST risk when conducting an audit of a virtual server farm for potential software vulnerabilities?

Answer options

• A. Guest operating systems are updated monthly.
• B. Antivirus software has been implemented on the guest operating system only.
• C. A variety of guest operating systems operate on one virtual server.
• D. The hypervisor is updated quarterly.

Correct answer: B

Explanation

The correct answer is B because relying solely on antivirus software on the guest operating system may leave the hypervisor and other layers vulnerable, increasing overall risk. Options A, C, and D indicate some level of maintenance and update procedures that, while not perfect, still help mitigate risks associated with software vulnerabilities.