Certified Information Systems Auditor (CISA) — Question 948

Which of the following BEST enables an organization to identify potential security threats associated with a virtualization technique proposed by the vendor of a popular virtual machine (VM) system?

Answer options

• A. Architecture design
• B. Functional specifications
• C. Risk assessment
• D. Hypervisor logs

Correct answer: C

Explanation

The correct answer is C, as a risk assessment systematically evaluates potential security vulnerabilities and threats associated with the virtualization technique. Options A and B focus on design and functionality, which do not directly identify security threats, while option D involves logs that may indicate issues after they occur but do not proactively identify potential risks.