Certified Information Systems Auditor (CISA) — Question 957
An organization has virtualized its server environment without making any other changes to the network or security infrastructure. Which of the following is the MOST significant risk?
Answer options
- A. Data center environmental controls not aligning with new configuration
- B. System documentation not being updated to reflect changes in the environment
- C. Vulnerability in the virtualization platform affecting multiple hosts
- D. Inability of the network intrusion detection system (IDS) to monitor virtual server-to-server communications
Correct answer: C
Explanation
The most significant risk is a vulnerability in the virtualization platform affecting multiple hosts, as it can lead to widespread exploitation across the virtual environment. While the other options present concerns, they do not pose the same level of immediate threat to the overall security and integrity of the system as a vulnerability in the virtualization layer does.