Exam CISA topic 1 question 371 discussion

Actual exam question from Isaca's CISA
Question #: 371
Topic #: 1

Which of the following should be an IS auditor's GREATEST concern when reviewing an organization's security controls for policy compliance?

  • A. Security policies are not applicable across all business units.
  • B. End users are not required to acknowledge security policy training.
  • C. The security policy has not been reviewed within the past year.
  • D. Security policy documents are available on a public domain website.
Suggested Answer: A

Comments

roxannebadenhorst
2 months, 1 week ago
Selected Answer: B
Requiring users to acknowledge security policy training is a fundamental step to verify that staff are informed and accountable for the organization's security policies. This step is critical because without confirmation that users have been trained and understand the policies, it is difficult to ensure compliance or detect and mitigate human errors or malicious activities that could undermine security.
upvoted 1 times
...
Sibsankar
7 months ago
100% D
upvoted 1 times
...
topikal
8 months, 2 weeks ago
Selected Answer: A
A is a greater concern than C
upvoted 1 times
...
JonnyBGood
9 months ago
Selected Answer: A
Not having a security policy in some business units is a great concern. Security policies do not necessarily have to be reviewed on a yearly basis.
upvoted 2 times
...
a84n
10 months, 1 week ago
Selected Answer: C
Answer: C. A potential failure in the organization's governance process by not regularly reviewing and updating security policies. This lack of review could result in outdated policies that no longer address current threats or compliance requirements, leading to gaps in security and increased risk exposure. Option A: It's more of a structural issue that needs to be addressed in the long term. Option D: might not have an immediate impact on policy compliance if the policies themselves are up to date and effectively implemented.
upvoted 1 times
...
Sibsankar
1 year ago
may be D
upvoted 1 times
...
Changwha
1 year, 7 months ago
A. Security policies are not applicable across all business units.
upvoted 2 times
...
Community vote distribution: A (35%, most voted), C (25%), B (20%), Other