exam questions

Exam CISA All Questions

View all questions & answers for the CISA exam

Exam CISA topic 1 question 1252 discussion

Actual exam question from Isaca's CISA
Question #: 1252
Topic #: 1
[All CISA Questions]

Which of the following would be of GREATEST concern to an IS auditor conducting an audit of an organization's network security with the focus of preventing system breaches?

  • A. Computer names are available to the Internet.
  • B. The data loss prevention (DLP) system does not monitor malicious incoming traffic.
  • C. Help desk personnel are able to remote into other external systems.
  • D. The guest wireless system does not have content filtering.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Vima234
6 months ago
Selected Answer: C
Given that the primary function of DLP systems is to prevent data loss rather than monitor incoming traffic, the correct focus should be on other network security issues when it comes to preventing system breaches. In this context, the GREATEST concern would be: C. Help desk personnel are able to remote into other external systems.
upvoted 1 times
...
Binagr8
7 months, 3 weeks ago
It is C. C. Help desk personnel are able to remote into other external systems. This is the greatest concern because it presents a significant security risk. If help desk personnel can remotely access external systems, it could lead to unauthorized access, data breaches, and potential insider threats. Such access could be exploited by malicious actors or could result in inadvertent security lapses, especially if proper controls, logging, and monitoring are not in place. It is NOT D because monitoring incoming malicious traffic is typically the role of other systems like IDS/IPS, firewalls, or antivirus solutions. The primary role of DLP is to prevent data leaks and not to monitor incoming malicious traffic.
upvoted 1 times
...
Swallows
8 months ago
Selected Answer: A
Having computer names publicly available poses a security risk by aiding attackers in targeting specific systems, which is a major concern as it provides a potential entry point for system compromise.
upvoted 1 times
choboanon
4 months ago
A computer name is not security. Changing the names of your PCs to hide what they do isn't security either, this isn't as much of a concern as youre making out it to be
upvoted 1 times
...
...
KAP2HURUF
1 year, 2 months ago
Selected Answer: B
Monitoring incoming traffic is crucial for detecting and preventing potential malicious activity, unauthorized access attempts, and data exfiltration. A lack of monitoring in the DLP system increases the risk of system breaches and can leave the network vulnerable to various security threats.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago