CISA Certified Information Systems Auditor – Question0100

During an IS audit, it is discovered that security configurations differ across the organization’s virtual server farm. Which of the following is the IS auditor’s BEST recommendation for improving the control environment?

A.
Conduct an independent review of each server’s security configuration
B. Implement a security configuration baseline for virtual servers
C. Implement security monitoring controls for high-risk virtual servers
D. Conduct a standard patch management review across the virtual server farm

Correct Answer: B