Certified Information Systems Auditor (CISA) — Question 714

Following a security breach in which a hacker exploited a well-known vulnerability in the domain controller, an IS auditor has been asked to conduct a control assessment. The auditor's BEST course of action would be to determine if:

Answer options

• A. the patches were updated.
• B. the logs were monitored.
• C. the domain controller was classified for high availability.
• D. the network traffic was being monitored.

Correct answer: A

Explanation

The correct answer is A because ensuring that patches are updated directly addresses the vulnerability that was exploited. Options B, C, and D, while important for overall security, do not specifically mitigate the risk associated with the unpatched vulnerability in the domain controller.