CISA Certified Information Systems Auditor – Question1925

An IS auditor is performing an audit of a large organization’s operating system maintenance procedures. Which of the following findings presents the GREATEST risk?

A.
Some internal servers cannot be patched due to software incompatibility.
B. The configuration management database is not up-to-date.
C. Vulnerability testing is not performed on the development servers.
D. Critical patches are applied immediately while others follow quarterly release cycles.

Correct Answer: C