🔥 3-day streak
ISC2 CCSP — Certified Cloud Security Professional123 / 124
Question 123 of 124

During a security review of an IaaS environment, an analyst discovers dozens of running virtual machines that no team claims ownership of. Several are missing from the configuration management database, are running outdated OS images, and have no assigned patching schedule. The security team is concerned about the risk these systems pose. Which infrastructure risk does this situation MOST directly represent, and what is the primary security consequence?

Reviewed for accuracy · Report an issueNext question