ExamTopics Logo
Mail Us[email protected]
Menu
Isaca Discussions
exam questions

Exam CISA All Questions

View all questions & answers for the CISA exam
Go to Exam

Exam CISA topic 1 question 366 discussion

Actual exam question from Isaca's CISA
Question #: 366
Topic #: 1
[All CISA Questions]

Which of the following should be of GREATEST concern for an IS auditor reviewing an organization's bring your own device (BYOD) policy?

  • A. Not all devices are approved for BYOD.
  • B. The policy does not include the right to audit BYOD devices.
  • C. A mobile device management (MDM) solution is not implemented.
  • D. The policy is not updated annually.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by SBD600 at April 30, 2023, 3:36 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
SBD600
Highly Voted 1 year, 2 months ago
Selected Answer: B
When reviewing an organization's bring your own device (BYOD) policy, the greatest concern for an IS auditor should be if the policy does not include the right to audit BYOD devices. This is crucial because it is essential for the organization to maintain visibility and control over the devices to ensure compliance with security policies, protect sensitive data, and maintain a secure environment.
upvoted 5 times
cidigi
6 months, 3 weeks ago
The devices do not belong to the organisation, they have no right to audit personal devices. :). The only thing an organisation can do regarding BYOD is to implement a MDM in case of loss or data leakage.
upvoted 3 times
...
Aly
1 year, 1 month ago
C: a mobile device management solution is critical in a BYOD environment as it allows the organization to enforce security policies, manage and monitor devices, and protect sensitive data. Without an MDM solution in place, the organization would have limited control and visibility over the devices connected to their network, increasing the risk of unauthorized access, data breaches, and other security incidents.
upvoted 3 times
...
...
Swallows
Most Recent 1 month ago
Selected Answer: C
The right to audit BYOD devices is crucial for ensuring compliance with security policies, identifying potential security breaches, and protecting sensitive data. Without the ability to audit BYOD devices, the organization lacks visibility into device usage, security configurations, and potential risks. This can lead to unauthorized access, data breaches, and compliance violations. While other concerns, such as the absence of a mobile device management (MDM) solution, are also important, the inability to audit BYOD devices presents a significant security and compliance risk. Without auditing capabilities, the organization cannot effectively monitor and enforce security policies, leaving it vulnerable to security incidents and data breaches.
upvoted 1 times
...
Rachy
5 months, 3 weeks ago
Selected Answer: C
C. That's the correct answer
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago