Exam CISA topic 1 question 349 discussion

Actual exam question from Isaca's CISA
Question #: 349
Topic #: 1

An IS auditor finds that application servers had inconsistent security settings leading to potential vulnerabilities. Which of the following is the BEST recommendation by the IS auditor?

  • A. Improve the change management process
  • B. Perform a configuration review
  • C. Establish security metrics
  • D. Perform a penetration test
Suggested Answer: B
Community vote distribution
B (100%)

Comments

Moukhtarfarid
Highly Voted 2 years, 5 months ago
In principle, as a first step it is necessary to review the security parameters and then improve the change management process; for me the right answer is B.
upvoted 8 times
...
Gizmoduck
Highly Voted 2 years, 2 months ago
The issue is not that there have been problems with change management processes. The issue is that the current settings are not effective. The system settings should be reviewed to ensure that sufficient protections for this system are implemented. The answer should be B.
upvoted 7 times
...
3008
Most Recent 3 months, 3 weeks ago
Selected Answer: B
Option B proposes performing a configuration review. A configuration review involves identifying and documenting the current configuration of the application servers, comparing it to a known secure baseline, and identifying any deviations. This process can help identify vulnerabilities and provide guidance on how to remediate them. Therefore, option B is a valid recommendation and could be considered the BEST option.
upvoted 1 times
...
zebree
7 months, 1 week ago
Selected Answer: B
As an IS auditor, the best recommendation to address the issue of inconsistent security settings on application servers would be to standardize and centralize the security configurations of these servers. This can be achieved through the use of security configuration management tools and/or policies and procedures that ensure all application servers are configured consistently and securely. Additionally, the IS auditor could recommend implementing security monitoring and continuous audit processes to detect and remediate any future deviations from the standardized security configuration. Regular security assessments and penetration testing can also help identify and address potential vulnerabilities in a timely manner. Overall, the goal should be to ensure that all application servers have consistent and secure security configurations, and that any deviations from the standard are quickly identified and remediated to reduce the risk of potential vulnerabilities.
upvoted 1 times
...
A_Salem
1 year, 11 months ago
Correct answer is A. Improve the change management process. From CISA Q&A, similar question, A4-81: there should be a complete change management process that includes testing, scheduling and approval. Wrong answer B is only a detection control.
upvoted 1 times
...
nwachinanulogu
2 years, 6 months ago
Perform a configuration review?...again? So how did the IS Auditor discover the inconsistency in the first place? I don't think B is right.
upvoted 3 times
A_Salem
1 year, 11 months ago
The question asks what should the auditor (recommend), not should (do). So the auditee should B. Perform a configuration review.
upvoted 5 times
...
A_Salem
1 year, 11 months ago
#correction# B is only a detection control; the answer is A. Improve the change management process. This will ensure that the changes will be authorized, tested, approved and reviewed.
upvoted 2 times
...
...
marcopolo13
2 years, 8 months ago
I think it is A. Perform a configuration review of what? Obviously there is a Change Management process but it is not being followed. You can review the configuration of the server and fix the configuration but the issue will happen again unless the process is improved.
upvoted 3 times
...