Certified Information Systems Auditor (CISA) — Question 915

A network review is being undertaken to evaluate security risks. Which of the following would be of MOST concern if identified during the review?

Answer options

• A. Router access to the Internet from the internal network
• B. Direct network access from PCs to the Internet
• C. Firewall access to the internal network from the Internet
• D. Remote access to the internal network from internal PCs

Correct answer: B

Explanation

Direct network access from PCs to the Internet poses the highest risk as it can expose the internal network directly to external threats without adequate protection. In contrast, router access and firewall access can be controlled and monitored, while remote access from internal PCs is typically managed through secure methods.