CISA Certified Information Systems Auditor – Question1125

Which of the following is the GREATEST concern with conducting penetration testing on an internally developed application in the production environment?

A.
The testing could create application availability issues.
B. The testing may identify only known operating system vulnerabilities.
C. The issues identified during the testing may require significant remediation efforts.
D. Internal security staff may not be qualified to conduct application penetration testing.

Correct Answer: D