CISA Certified Information Systems Auditor – Question0225

During an audit of information security procedures of a large retailer’s online store, an IS auditor notes that operating system (OS) patches are automatically deployed upon release. Which of the following should be of GREATEST concern to the auditor?

A.
Patches are in conflict with current licensing agreements.
B. Patches are pushed from the vendor increasing Internet traffic.
C. Patches are not reflected in the configuration management database.
D. Patches are not tested before installation on critical servers.

Correct Answer: D