CISA Certified Information Systems Auditor – Question0329

What should an IS auditor review FIRST when assessing the results of a recent penetration test to identify potential vulnerabilities?

A.
Skill level of the network support staff
B. Parameters of the test
C. Number of critical issues found
D. Incident response process

Correct Answer: B