CISA Certified Information Systems Auditor – Question2090

Which of the following is the BEST way to identify the potential impact of a successful attack on an organization’s mission critical applications?

A.
Execute regular vulnerability scans
B. Conduct penetration testing
C. Perform an application vulnerability review
D. Perform an independent code review

Correct Answer: B