Certified Information Systems Auditor (CISA) — Question 8

An IS auditor finds that application servers had inconsistent security settings leading to potential vulnerabilities. Which of the following is the BEST recommendation by the IS auditor?

Answer options

• A. Improve the change management process
• B. Perform a configuration review
• C. Establish security metrics
• D. Perform a penetration test

Correct answer: B

Explanation

The best recommendation is to perform a configuration review, as this directly addresses the inconsistencies in security settings, allowing for the identification and rectification of vulnerabilities. Improving the change management process, establishing security metrics, and performing a penetration test do not specifically resolve the immediate issue of inconsistent security configurations.