Certified Information Systems Auditor (CISA) — Question 865

Which of the following would be of GREATEST concern to an IS auditor conducting an audit of an organization's network security with the focus of preventing system breaches?

Answer options

• A. Computer names are available to the Internet.
• B. The data loss prevention (DLP) system does not monitor malicious incoming traffic.
• C. Help desk personnel are able to remote into other external systems.
• D. The guest wireless system does not have content filtering.

Correct answer: B

Explanation

The correct answer, B, highlights a critical vulnerability since a DLP system is essential for monitoring and blocking malicious traffic that could lead to breaches. Option A is less concerning as computer names alone do not pose a direct threat, while C focuses on remote access by help desk personnel, which can be managed with proper controls. Option D addresses guest network issues but is not as critical as the effectiveness of the DLP system in preventing breaches.