CISA Certified Information Systems Auditor – Question1236

When conducting a follow-up audit on an organization’s firewall configuration, the IS auditor discovered that the firewall had been integrated into a new system that provides both firewall and intrusion detection capabilities. The IS auditor should:

A.
consider the follow-up audit unnecessary since the firewall is no longer being used.
B. assess whether the integrated system addresses the identified risk.
C. review the compatibility of the new system with existing network controls.
D. evaluate whether current staff is able to support the new system.

Correct Answer: B