Which of the following presents the GREATEST threat to the security of an enterprise resource
planning (ERP) system?
A.
User ad hoc reporting is not logged
B.
Network traffic is through a single switch
C.
Operating system (OS) security patches have not been applied
D.
Database security defaults to ERP settings
Explanation:
The fact that operating system (OS) security patches have not been applied is a serious
weakness. Routing network traffic through a single switch is not unusual. Although the lack of
logging for user ad hoc reporting is not necessarily good, it does not represent as serious a
security- weakness as the failure to install security patches. Database security defaulting to the
ERP system’s settings is not as significant.