Senior Management Response to Unsupported Operating Systems | CS0-002: CompTIA CySA+ Exam | [Provider Name]

Addressing Unsupported Operating Systems

Question

An audit has revealed an organization is utilizing a large number of servers that are running unsupported operating systems.

As part of the management response phase of the audit, which of the following would BEST demonstrate senior management is appropriately aware of and addressing the issue?

Answers

Explanations


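A. Copies of prior audits that did not identify the servers as an issue
B. Project plans relating to the replacement of the servers that were approved by management
C. Minutes from meetings in which risk assessment activities addressing the servers were discussed
D. ACLs from perimeter firewalls showing blocked access to the servers
E. Copies of change orders relating to the vulnerable servers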

C.

The correct answer for this question is B. Project plans relating to the replacement of the servers that were approved by management.

Explanation: The question states that an audit has revealed an organization is utilizing a large number of servers that are running unsupported operating systems. This is a significant security risk as unsupported operating systems do not receive security updates and patches from the vendor, which leaves the servers vulnerable to attacks.

As part of the management response phase of the audit, the organization needs to demonstrate that senior management is appropriately aware of and addressing the issue. The BEST way to demonstrate this is to provide project plans relating to the replacement of the servers that were approved by management.

Project plans indicate that the organization is taking a proactive approach to addressing the issue of unsupported operating systems. This shows that senior management is aware of the issue and is taking steps to mitigate the risk. Project plans typically include timelines, budgets, and resource allocations, which further demonstrate that the organization is committed to addressing the issue.

The other options provided as answers are not as effective in demonstrating senior management's awareness and commitment to addressing the issue. Copies of prior audits that did not identify the servers as an issue (A) are not relevant to the current situation and do not indicate that the organization is taking action to address the issue. Minutes from meetings in which risk assessment activities addressing the servers were discussed (C) may show that the issue was discussed, but they do not show any action taken to address the issue. ACLs from perimeter firewalls showing blocked access to the servers (D) may indicate that the organization is aware of the issue, but they do not demonstrate that senior management is addressing the issue. Copies of change orders relating to the vulnerable servers (E) may show that some action was taken, but they do not demonstrate a proactive approach to addressing the issue.