What is an IS auditor’s BEST recommendation for management if a network vulnerability assessment confirms that critical patches have not been applied since the last assessment?

What is an IS auditor’s BEST recommendation for management if a network vulnerability assessment confirms that critical patches have not been applied since the last assessment?
A . Implement a process to test and apply appropriate patches.
B . Apply available patches and continue periodic monitoring.
C . Configure servers to automatically apply available patches.
D . Remove unpatched devices from the network.

View Answer

Answer: A