Medium · 1 mark · Multiple Choice
CPA · Question 50 · Area II: Security
An auditor is reviewing the results of a penetration test. The report identifies a 'Critical' vulnerability involving an unpatched server exposed to the internet. What is the auditor's most appropriate next step?
Answer options:
A. Immediately shut down the server.
B. Verify if management has a remediation plan and if the patch has been applied.
C. Ignore it as it's a technical issue.
D. Perform the penetration test again personally.
How to approach this question
Think like an auditor: Observe, Assess, Report.
Full Answer
B. Verify if management has a remediation plan and if the patch has been applied. ✓ Correct
The auditor's role is to assess whether management has addressed the identified risk. Verifying the remediation plan and status is the correct procedure.
Common mistakes
Thinking the auditor should fix the problem.