Certified Information Systems Auditor (CISA) — Question 975

Which of the following should an IS auditor ensure is classified at the HIGHEST level of sensitivity?

Answer options

• A. Emergency change records
• B. Penetration test results
• C. IT security incidents
• D. Server room access history

Correct answer: B

Explanation

The correct answer, B, Penetration test results, should be classified at the highest level of sensitivity due to the critical nature of the information they contain regarding vulnerabilities. While emergency change records, IT security incidents, and server room access history are also sensitive, they do not reveal specific weaknesses in the security posture as penetration test results do.