CISA Certified Information Systems Auditor – Question3085

Which type of review is MOST important to conduct when an IS auditor is informed that a recent internal exploitation of a bug has been discovered in a business application?

A.
Forensic audit
B. Penetration testing
C. Server security audit
D. Application security testing

Correct Answer: D