CISA Certified Information Systems Auditor – Question0823

A web application is developed in-house by an organization. Which of the following would provide the BEST evidence to an IS auditor that the application is secure from external attack?

A.
Penetration test results
B. Database application monitoring logs
C. Code review by a third party
D. Web application firewall implementation

Correct Answer: A