Free ISACA CISA Actual Exam Questions - Question 13 Discussion

Question No. 13
An IS auditor is reviewing documentation of application systems change control and
identifies several patches that were not tested before being put into production. Which of the
following is the MOST significant risk from this situation?
Irfan Y.
2026-02-19

Not A, since losing application support is more about vendor issues, not untested patches. The real problem here is B—untested patches can break the system or open security holes.

0
Irfan Y.
2026-02-18

B. Untested patches directly threaten system integrity by introducing unknown errors or vulnerabilities. The other options are less immediate risks compared to the potential damage from faulty updates.

0
Mohammad T.
2026-02-17

B/D? Risk to system integrity (B) is obvious, but if patches weren’t tested, it also hints at poor controls like developers possibly having production access (D), which can be a big security risk too.

0
Mohammad T.
2026-02-12

D imo, since untested patches might mean developers pushed changes directly into production.

0
Sarah X.
2026-02-04

This situation screams risk of system integrity issues, so I go with B. Untested patches can cause unpredictable bugs or data corruption, which directly threatens the reliability of the application. Options like A and C seem off since support loss or outdated docs are less immediate concerns compared to a patch potentially breaking things. D could be a factor but the key problem here is the lack of testing itself, not necessarily who deployed the patches. So for me, B fits best as the biggest risk from skipping testing before production.

0
Ali F.
2026-01-15

Maybe B makes the most sense here. If patches aren’t tested before going live, it’s likely to mess with system integrity: introduce bugs, corrupt data, or cause unexpected behavior. The other options seem less directly tied to untested changes.

0