CISA Certified Information Systems Auditor – Question0098

An IS auditor is assessing risk associated with peer-to-peer file sharing within an organization. Which of the following should be of GREATEST concern?

A.
File-sharing policies have not been reviewed since last year
B. Only some employees are required to attend security awareness training
C. Not all devices are running antivirus programs
D. The organization does not have an efficient patch management process

Correct Answer: C