CISA Certified Information Systems Auditor – Question1105

An IT department has given a vendor remote access to the internal network for troubleshooting network performance problems. After discovering the remote activity during a firewall log review, which of the following is the BEST course of action for an information security manager?

A.
Revoke the access.
B. Review the related service level agreement (SLA).
C. Determine the level of access granted.
D. Declare a security incident.

Correct Answer: C