Which of the following should be the auditor’s NEXT course of action?

CISA V2 0 Comments

An IS auditor finds that firewalls are outdated and not supported by vendors.

Which of the following should be the auditor’s NEXT course of action?
A . Report the mitigating controls.
B . Report the security posture of the organization.
C . Determine the value of the firewall.
D . Determine the risk of not replacing the firewall.

Answer: D

Explanation:

The IS auditor’s next course of action after finding that firewalls are outdated and not supported by vendors should be to determine the risk of not replacing the firewall. Outdated firewalls may have known vulnerabilities that can be exploited by attackers to bypass security controls and access the network. They may also lack compatibility with newer technologies or standards that are required for optimal network performance and protection. Not replacing the firewall could expose the organization to various threats, such as data breaches, denial-of-service attacks, malware infections, or regulatory non-compliance. The IS auditor should assess the likelihood and impact of these threats and quantify the risk level for management to make informed decisions.

Latest CISA Dumps Valid Version with 2694 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download CISA PDF     CISA Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments