Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Isaca Discussions
exam questions

Exam CISA All Questions

View all questions & answers for the CISA exam
Go to Exam

Exam CISA topic 1 question 83 discussion

Actual exam question from Isaca's CISA
Question #: 83
Topic #: 1
[All CISA Questions]

An IS auditor suspects an organization's computer may have been used to commit a crime. Which of the following is the auditor's BEST course of action?

  • A. Contact the incident response team to conduct an investigation.
  • B. Advise management of the crime after the investigation.
  • C. Examine the computer to search for evidence supporting the suspicions.
  • D. Notify local law enforcement of the potential crime before further investigation.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by PrinceAy at Oct. 12, 2022, 12:27 a.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
oldmagic
Highly Voted 1 year, 4 months ago
Selected Answer: A
For me, A is indeed correct. The auditor is not a forensic expert. Examining the computer directly may compromise key evidence.
upvoted 11 times
...
SRJ13
Highly Voted 1 year, 7 months ago
A. Contact the incident response team to conduct an investigation. The incident response team is responsible for handling security incidents and conducting investigations. They have the expertise and resources to properly investigate the suspected crime and gather evidence in a forensically sound manner. It is important to involve the incident response team as soon as possible to preserve any evidence and prevent further damage. Advising management of the crime after the investigation, examining the computer to search for evidence supporting the suspicions, and notifying local law enforcement of the potential crime before further investigation may compromise the investigation or result in the loss of important evidence.
upvoted 5 times
...
NoKev
Most Recent 3 months, 1 week ago
I don't think an IS auditor examines the computer
upvoted 2 times
...
5b56aae
7 months ago
Selected Answer: A
Forensic procedures should be done by the organization
upvoted 2 times
...
Swallows
7 months, 2 weeks ago
Selected Answer: A
The incident response team should be contacted as an initial response.
upvoted 2 times
...
lingtianx1127
7 months, 3 weeks ago
Definitely not C because checking other's computer is not IS auditor's job. I think A or B could be the answer.
upvoted 1 times
...
CISA2021
9 months, 4 weeks ago
Selected Answer: A
An IS auditors role is to observe and contact responsible, there A)
upvoted 2 times
...
acf4e9a
10 months, 2 weeks ago
Selected Answer: A
I don’t think auditor can perform the searches same as Incident response team therefore it will be inconclusive. On top, auditors role is not meant to perform this type but rather coordinate with relevant team. If auditor does IR job, it defeats the purpose of having IR team in the organisation. :) so the right answer should be A
upvoted 3 times
...
SuperMax
1 year, 2 months ago
Selected Answer: A
C. Contact the incident response team to conduct an investigation.
upvoted 2 times
...
3008
1 year, 2 months ago
Selected Answer: C
In case of doubt, the auditor looks for evidence. If confident, the auditor will report it to the incident response team.
upvoted 1 times
3008
11 months, 1 week ago
sorry, A is correct.
upvoted 3 times
...
...
007Georgeo
1 year, 6 months ago
Selected Answer: C
the evidence first
upvoted 2 times
CISA2021
9 months, 4 weeks ago
the question is about "..BEST course of action..", not about "first", therefore best and correct answer is A)
upvoted 2 times
...
...
MohamedAbdelaal
1 year, 6 months ago
Selected Answer: C
first of all, auditor need to gather sufficient evidences that support his suspicious, then the auditor shall communicate the conclusion reached with the audit client management, who in turn shall take the necessary corrective measures, like notifying the Incident Response Team
upvoted 3 times
cidigi
1 year, 3 months ago
an auditor wont physically go and check someones computer. Thats not his role..
upvoted 3 times
...
CISA2021
9 months, 4 weeks ago
the auditor maybe allready had sufficient evidences before he suspected that it was commit a crime
upvoted 1 times
...
...
ObaidMan
1 year, 10 months ago
Selected Answer: C
same as above comments
upvoted 2 times
...
MichaelHoang
1 year, 10 months ago
Selected Answer: C
In the first hand, the Auditor needs to have enough evidence first. Examination to have the evidence and confirm the suspect must be performed first before any other action. C is the correct answer here.
upvoted 2 times
...
Forever25
2 years, 1 month ago
Selected Answer: C
Keeping in mind that the Auditor should have enough evidence, suspecting is not enough so C should be the correct answer
upvoted 3 times
...
PrinceAy
2 years, 1 month ago
Selected Answer: C
In my opinion, no actual incident has been confirmed to occur yet, so the auditor needs more reasonable evidence to confirm his suspicions
upvoted 3 times
cidigi
1 year, 3 months ago
hence is asking IR to investigate. An auditor cant check someone's computer.. Usually, this is done by forensincs.
upvoted 4 times
...
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel