CISA Certified Information Systems Auditor – Question0320

An IS auditor notes that several of a client’s servers are vulnerable to attack due to open unused ports and protocols. The auditor recommends management implement minimum security requirements. Which type of control has been recommended?

A.
Preventive
B. Corrective
C. Directive
D. Compensating

Correct Answer: A