Certified in Risk and Information Systems Control (CRISC) — Question 400

Which of the following is the MOST significant indicator of the need to perform a penetration test?

Answer options

• A. An increase in the number of infrastructure changes
• B. An increase in the number of security incidents
• C. An increase in the number of high-risk audit findings
• D. An increase in the percentage of turnover in IT personnel

Correct answer: A

Explanation

An increase in the number of infrastructure changes can signal potential vulnerabilities that may arise due to new configurations or systems. While security incidents and audit findings are important, they often indicate issues that have already occurred rather than proactive measures needed. High turnover in IT personnel may affect team stability but does not directly indicate the necessity for a penetration test.