An IS auditor notes that not all security tests were completed for an online sales system recently promoted to production. Which of the following is the auditor's BEST course of action?
A. Determine exposure to the business.
B. Increase monitoring for security incidents.
C. Hire a third party to perform security testing.
My thoughts - Option A makes sense if the question is about the "Next" course of action.
Option B makes sense if the question is about the "Best" course of action. Please correct if wrong.
While increasing monitoring for security incidents (option B) is important, it is more reactive than proactive and does not directly address the underlying issue of incomplete security testing. Determining exposure to the business provides a more comprehensive understanding of the potential risks and allows for targeted mitigation efforts. Therefore, it is the best course of action for the IS auditor in this scenario.