An auditor is reviewing the results of a penetration test. The report identifies a 'Critical' vulnerability involving an unpatched server exposed to the internet. What is the auditor's most appropriate next step?

Answer options:

Immediately shut down the server.

Verify if management has a remediation plan and if the patch has been applied.

Ignore it as it's a technical issue.

Perform the penetration test again personally.

How to approach this question

Think like an auditor: Observe, Assess, Report.

Full Answer

B.Verify if management has a remediation plan and if the patch has been applied.✓ Correct

Verify if management has a remediation plan and if the patch has been applied.

The auditor's role is to assess whether management has addressed the identified risk. Verifying the remediation plan and status is the correct procedure.

Common mistakes

Thinking the auditor should fix the problem.

Question 49 All questions Question 51

Practice the full CPA ISC Practice Exam 5

82 questions · hints · full answers · grading

More questions from this exam

Q01A service organization provides a cloud-based payroll processing application to its user entities...Medium Q02An auditor is reviewing the shared responsibility model for a client using an Infrastructure as a...Hard Q03A financial institution requires a cloud deployment model that offers the highest level of contro...Medium Q04During an IT audit, you observe that a company uses a 'Hybrid Cloud' architecture. Which scenario...Medium Q05Which component of IT architecture is primarily responsible for translating domain names (like ww...Easy

View all 82 questions →