CISA Certified Information Systems Auditor – Question1600

An IS auditor selects a server for a penetration test that will be carried out by a technical specialist. Which of the following is MOST important?

A.
The tools used to conduct the test
B. Certifications held by the IS auditor
C. Permission from the data owner of the server
D. An intrusion detection system (IDS) is enabled

Correct Answer: C

Explanation:

Explanation:
The data owner should be informed of the risks associated with a penetration test, what types of tests are to be conducted and other relevant details. All other choices are not as important as the data owner’s responsibility for the security of the data assets.