Certified Information Systems Auditor (CISA) — Question 786

Which of the following is MOST important for an IS auditor to validate when auditing network device management?

Answer options

• A. Devices cannot be accessed through service accounts.
• B. Backup policies include device configuration files.
• C. All devices are located within a protected network segment.
• D. All devices have current security patches assessed.

Correct answer: D

Explanation

The correct answer is D because ensuring that all devices have current security patches is crucial for mitigating vulnerabilities and protecting the network from potential threats. While the other options address important aspects of device management, they do not directly relate to the immediate security risk posed by outdated patches.