
Exam CISA topic 1 question 737 discussion

Actual exam question from Isaca's CISA
Question #: 737
Topic #: 1

An IS auditor has discovered that a software system still in regular use is years out of date and no longer supported. The auditee has stated that it will take six months until the software is running on the current version. Which of the following is the BEST way to reduce the immediate risk associated with using an unsupported version of the software?

  • A. Verify all patches have been applied to the software system's outdated version.
  • B. Monitor network traffic attempting to reach the outdated software system.
  • C. Close all unused ports on the outdated software system.
  • D. Segregate the outdated software system from the main network.
Suggested Answer: D

Comments

MunaM
Highly Voted 2 years, 2 months ago
I think answer should be D
upvoted 6 times
...
Jag127
Highly Voted 1 year, 9 months ago
Selected Answer: D
Yes, it should be D, as keeping the system out of the main network will protect the network from any vulnerability exposure.
upvoted 5 times
...
Swallows
Most Recent 4 months ago
Selected Answer: A
Older versions of software are no longer supported and may not be patched for new security vulnerabilities, so patching known vulnerabilities whenever possible helps minimize the risk of an attack.
upvoted 1 times
...
Eiad1100
6 months ago
Selected Answer: D
D is the best immediate action to reduce the associated risk
upvoted 2 times
...
Sayed_Jawad
9 months ago
Selected Answer: D
It should be D, the question is asking "to reduce", asking for mitigation. Monitoring is not a control. Monitoring and reviewing is a detective control
upvoted 3 times
...
Lusis
1 year, 1 month ago
I think the answer still should be B, because of the fact that "it will take six months until the software is running on current version". If it means in 6 months the version will be changed and be supported, it doesn't make sense to segregate, but monitor.
upvoted 2 times
NotJamesCharles
11 months, 2 weeks ago
I'm so sorry, but how exactly does monitoring the software reduce risk?
upvoted 1 times
...
...
starzuu
1 year, 3 months ago
I feel like D is the safest, but then wouldn't D disrupt business processes?
upvoted 2 times
starzuu
1 year, 3 months ago
nvm it must be D
upvoted 2 times
...
...
JONESKA
1 year, 4 months ago
I would go with D. Put them on another VLAN.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other