ExamTopics Logo
Mail Us[email protected]
Menu
Isaca Discussions
exam questions

Exam CISA All Questions

View all questions & answers for the CISA exam
Go to Exam

Exam CISA topic 1 question 102 discussion

Actual exam question from Isaca's CISA
Question #: 102
Topic #: 1
[All CISA Questions]

During a review of an organization's network threat response process, the IS auditor noticed that the majority of alerts were closed without resolution.
Management responded that those alerts were unworkable due to lack of actionable intelligence, and therefore the support team is allowed to close them. What is the BEST way for the auditor to address this situation?

  • A. Further review closed unactioned alerts to identify mishandling of threats.
  • B. Reopen unactioned alerts and report to the audit committee.
  • C. Recommend that management enhance the policy and improve threat awareness training.
  • D. Omit the finding from the report as this practice is in compliance with the current policy.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by saado9 at March 31, 2023, 1:42 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
saado9
Highly Voted 1 year, 9 months ago
C. Recommend that management enhance the policy and improve threat awareness training.
upvoted 5 times
SBD600
1 year, 8 months ago
The IS auditor should review the closed unactioned alerts to determine if there was any mishandling of threats. This will help the auditor assess if the current policy and practice are effective and if there is a need for improvements in the threat response process. so answer is a
upvoted 6 times
...
...
1Naa
Most Recent 3 weeks, 2 days ago
Selected Answer: A
The auditor must verify whether the alerts truly lacked actionable intelligence or if they were improperly closed without thorough investigation. By analyzing the closed alerts, the auditor can: i.Identify potential false negatives or missed threats. ii.Assess whether the process for handling alerts is adequate and effective. iii.Determine if systemic issues exist, such as poor threat intelligence integration or inadequate training.
upvoted 1 times
...
PurpleParrot
3 months, 1 week ago
Selected Answer: C
option A only addresses the immediate concern, however, option C is the BEST way to address the situation.
upvoted 1 times
...
RS66
6 months, 2 weeks ago
Selected Answer: A
There might me some risks not resolved. You need to ivestigate further before enhancing policies and awareness.
upvoted 2 times
...
Swallows
7 months, 1 week ago
Selected Answer: C
While further reviewing closed unactioned alerts (Option A) could provide insights into specific instances of mishandling, recommending enhancements to the policy and training (Option C) addresses the underlying issue more comprehensively. It allows the organization to proactively improve its network threat response process rather than just reacting to past incidents.
upvoted 2 times
...
5b56aae
8 months, 3 weeks ago
Selected Answer: A
Further review
upvoted 1 times
...
OD1N
1 year, 1 month ago
why answer B?
upvoted 1 times
...
Bankyz
1 year, 5 months ago
By recommending that management enhances the policy and improves threat awareness training, the auditor addresses the underlying issues. Enhancing the policy can provide clearer guidelines and expectations for handling alerts, including criteria for closure. Improving threat awareness training can better equip the support team with the knowledge and skills to evaluate alerts effectively and take appropriate action.
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago