Exam CISA topic 1 question 985 discussion

Actual exam question from Isaca's CISA
Question #: 985
Topic #: 1

An organization outsources its IT function to a third-party provider that supplies all hardware and support personnel. Which of the following poses the GREATEST risk that the provider's IT resources may not be available to meet the organization's objectives?

  • A. The service contract does not include penalty or termination provisions.
  • B. The service provider does not make independent audit reports available.
  • C. The service provider is located offshore.
  • D. Service level agreements (SLAs) are not established and monitored.
Suggested Answer: D

Comments

FAGFUR
5 months, 1 week ago
Selected Answer: D
The greatest risk that the provider's IT resources may not be available to meet the organization's objectives is associated with the absence or inadequacy of Service Level Agreements (SLAs). SLAs define the agreed-upon levels of service, including performance expectations, availability targets, response times, and other key metrics. If SLAs are not established or are not properly monitored, there is a significant risk that the service provider may not deliver the expected level of service, leading to potential disruptions in IT resources. The establishment and monitoring of SLAs are crucial for ensuring that the service provider meets the organization's objectives in terms of IT resource availability.
upvoted 3 times
3008
8 months, 1 week ago
Selected Answer: B
The primary concern of the IS auditor when an organization outsources a system to a cloud service provider should be ensuring the security and confidentiality of the organization's sensitive data. The lack of independent assurance from a third party is a valid concern, but physical security and compatibility issues are secondary concerns.
upvoted 2 times
SuperMax
6 months, 3 weeks ago
The absence of independent audit reports means that the organization does not have a reliable way to assess the performance and security of the third-party IT provider. Without these reports, it becomes difficult for the organization to verify that the provider is meeting its obligations, maintaining security standards, and delivering the promised IT services. This lack of transparency and accountability can lead to a higher risk of service disruptions or failures without the organization's knowledge, potentially impacting its objectives. While the other options (A, C, and D) also represent risks, the absence of independent audit reports can conceal a range of potential issues that could significantly disrupt IT services and, therefore, pose the greatest risk in this context.
upvoted 1 times