Exam CISA topic 1 question 230 discussion

Actual exam question from Isaca's CISA
Question #: 230
Topic #: 1

Following a recent internal data breach, an IS auditor was asked to evaluate information security practices within the organization. Which of the following findings would be MOST important to report to senior management?

  • A. Employees are not required to sign a non-compete agreement.
  • B. Security education and awareness workshops have not been completed.
  • C. Users lack technical knowledge related to security and data protection.
  • D. Desktop passwords do not require special characters.
Suggested Answer: B

Comments

Hhssuyy
Highly Voted 3 years, 8 months ago
Should be B. Users don't need to know about security and databases... They need to be aware of how to maintain their passwords, etc., via awareness training.
upvoted 11 times
9akshay
3 years, 5 months ago
Agreed. Users can't be expected to have technical knowledge. Correct is B.
upvoted 4 times
ChaBum
8 months ago
Quite the opposite, users are expected to have minimal technical knowledge related to security and data protection; nothing in the question says they need to have expert skills.
upvoted 1 times
yukli1998
Most Recent 1 month ago
Selected Answer: B
B. End users don't need to be technically savvy, but they do need to know what they can do to protect the organization's data and recognize security threats. The focus should be more on awareness rather than deep technical understanding.
upvoted 1 times
52cb16c
1 month, 4 weeks ago
Selected Answer: B
C is about the lack of technology, not the lack of skills. Users don’t need to know how to do the technical stuff. They just need to know how to do it. Education can be a starting point for communicating password policies and protecting data or information.
upvoted 1 times
a84n
6 months, 1 week ago
Selected Answer: C
Answer: C
upvoted 1 times
akosigengen
8 months, 1 week ago
B. Security awareness is important on top of controls and process. This will not be effective if the user is not educated about all of this.
upvoted 1 times
Changwha
1 year, 3 months ago
C. Users lack technical knowledge related to security and data protection.
upvoted 3 times