Which of the following is the MOST significant operational risk associated with the use of virtualization?
Correct Answer: B
Question 337
Which of the following findings would be of GREATEST concern to an IS auditor assessing an organization's patch management process?
Correct Answer: A
Explanation:
The organization's software inventory is not complete. This finding would be of greatest concern to an IS auditor assessing an organization's patch management process because a software inventory is a list of all the software assets that an organization owns, uses, or manages. A software inventory is essential for effective patch management, as it helps identify the software that needs to be updated, the patches that are available, and the dependencies and compatibility issues that may arise. Without a complete software inventory, an organization may miss some critical patches, expose itself to security risks, and waste resources on unnecessary or redundant patches.
Applications frequently need to be rebooted for patches to take effect. This finding would be of moderate concern to an IS auditor assessing an organization's patch management process because rebooting applications for patches to take effect is a common and expected practice in some cases, especially for operating system or kernel patches. However, frequent reboots may indicate that the organization is not applying patches in a timely or efficient manner, or that the patches are not well-designed or tested. Frequent reboots may also cause disruption to the business operations and user experience, and increase the risk of data loss or corruption.
Software vendors are bundling patches. This finding would be of low concern to an IS auditor assessing an organization's patch management process because bundling patches is a practice where software vendors combine multiple patches into a single package or update. Bundling patches can have some advantages, such as reducing the number of downloads and installations, simplifying the patch management process, and ensuring consistency and compatibility among patches. However, bundling patches can also have some disadvantages, such as increasing the size and complexity of the updates, delaying the delivery of critical patches, and introducing new bugs or vulnerabilities.
Testing patches takes significant time. This finding would be of low concern to an IS auditor assessing an organization's patch management process because testing patches is a vital step in the patch management process, as it helps ensure that the patches are functional, secure, and compatible with the existing software and hardware environment. Testing patches can take significant time, depending on the scope, complexity, and frequency of the patches. However, testing patches is a necessary investment to avoid potential problems or failures that could result from applying untested or faulty patches.
References:
Best practices for patch management
Server Patch Management: Best Practices and Tools
11 Key Steps of the Patch Management Process
Question 338
Which of the following is the BEST control to reduce the likelihood that a spear phishing attack will be successful?
Correct Answer: A
Question 339
An organization is using a single account shared by personnel for its social networking marketing page. Which of the following is the BEST method to maintain accountability over the account?
Correct Answer: D
Question 340
IS audits should be selected through a risk analysis process to concentrate on:
Correct Answer: A
Explanation: Audits are typically selected through a risk analysis process to concentrate on those areas of greatest risk and opportunity for improvements. Audit topics are supposed to be chosen based on potential for cost savings and service improvements.