Certified Information Security Manager (CISM) — Question 534

A technical vulnerability assessment on a personnel information management server should be performed when:

Answer options

• A. the data owner leaves the organization unexpectedly
• B. the number of unauthorized access attempts increases
• C. changes are made to the system configuration
• D. an unexpected server outage has occurred

Correct answer: C

Explanation

The correct answer is C because changes to the system configuration can introduce new vulnerabilities that need to be assessed. Options A and B indicate scenarios that may warrant attention but do not specifically relate to system configuration changes, while option D addresses a different issue related to outages rather than proactive vulnerability assessment.