ExamTopics Logo
Mail Us[email protected]
Menu
Isaca Discussions
exam questions

Exam CISA All Questions

View all questions & answers for the CISA exam
Go to Exam

Exam CISA topic 1 question 41 discussion

Actual exam question from Isaca's CISA
Question #: 41
Topic #: 1
[All CISA Questions]

During audit fieldwork, an IS auditor learns that employees are allowed to connect their personal devices to company-owned computers. How can the auditor
BEST validate that appropriate security controls are in place to prevent data loss?

  • A. Verify the data loss prevention (DLP) tool is properly configured by the organization.
  • B. Review compliance with data loss and applicable mobile device user acceptance policies.
  • C. Verify employees have received appropriate mobile device security awareness training.
  • D. Conduct a walk-through to view results of an employee plugging in a device to transfer confidential data.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Changwha at July 10, 2023, 2:16 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Eiad1100
1 month ago
Selected Answer: A
This is the most effective approach because a properly configured DLP tool can detect, prevent, and alert on unauthorized data transfers, including those involving personal devices. It directly addresses the risk of data loss by ensuring the system is actively monitoring and controlling sensitive information when employees connect personal devices to company-owned computers.
upvoted 1 times
...
Pumeza
2 months ago
a for alpha
upvoted 1 times
...
Lightfinger
2 months ago
Selected Answer: B
'Properly configured' is an ambiguous term. Review needs to be done against acceptable risks translated into policy documentation - Anwser B is correct.
upvoted 2 times
...
vyvi130
2 months, 1 week ago
Selected Answer: A
Answer: A
upvoted 1 times
...
BenHung
7 months, 2 weeks ago
The best answer is B. Review data loss and compliance with the applicable mobile device user acceptance policy. reason: Option A only focuses on the configuration of DLP tools without considering employee behavior and policy compliance. Option C. While important, insufficient employee awareness training does not necessarily result in data being lost. Option D, while testing employee responses to data loss, does not fully verify the effectiveness of all security controls.
upvoted 2 times
...
a84n
8 months, 2 weeks ago
Selected Answer: B
Answer: B
upvoted 1 times
...
5b56aae
8 months, 3 weeks ago
Selected Answer: A
A for me
upvoted 4 times
...
CISA2021
12 months ago
Selected Answer: B
Auditor is not responsible to verify or conduct the work, therefore, review is the answer here.
upvoted 4 times
...
Changwha
1 year, 6 months ago
B, This option addresses the overall framework and guidelines for managing risks associated with personal device usage, making it the best choice for validating security controls.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago