Questions around security with CNAME records


We have a client with some questions from their IT department about pointing their CNAME to

We have never had these kinds of questions before and think they are probably misdirected. Nonetheless if you could please try and answer them for us or send us back something we can forward on to the client to alleviate their concerns it would probably get us more business in the long run with these guys.

They are:

  • When did they last do a penetration test? How frequently do they do these? Is that specific web architecture included?
  • Do they know what OS is on the web server? Is that OS up to date?
  • What security controls do they have in place on their server?
  • How quickly would they know if they had a security issue?
  • Have they ever had a security issue or breach on any server they were responsible for?

Any quick advice would be appreciated.