ExamTopics Logo
Mail Us[email protected]
Menu
Isaca Discussions
exam questions

Exam CISA All Questions

View all questions & answers for the CISA exam
Go to Exam

Exam CISA topic 1 question 870 discussion

Actual exam question from Isaca's CISA
Question #: 870
Topic #: 1
[All CISA Questions]

An IS auditor is reviewing an organization’s incident management processes and procedures. Which of the following observations should be the auditor’s GREATEST concern?

  • A. Ineffective incident classification
  • B. Ineffective post-incident review
  • C. Ineffective incident prioritization
  • D. Ineffective incident detection
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by ziutek_ at Dec. 11, 2022, 11:17 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Swallows
7 months, 2 weeks ago
Selected Answer: D
Incident management begins with the detection of events that affect user availability. If detection is ineffective, there is a risk that incidents will go undetected.
upvoted 1 times
...
KAP2HURUF
9 months, 2 weeks ago
Selected Answer: D
In summary, ineffective incident detection (Option D) is typically the greatest concern for an IS auditor in the context of incident management because it forms the foundation upon which all other incident management activities rely.
upvoted 1 times
...
SuperMax
1 year, 1 month ago
Selected Answer: C
When an IS (Information Systems) auditor is reviewing an organization's incident management processes and procedures, the auditor's GREATEST concern should typically be related to matters that directly impact the organization's ability to respond to and mitigate security incidents effectively. In this context, the GREATEST concern would typically be: C. Ineffective incident prioritization Effective incident prioritization is crucial in incident management. It involves assessing the severity and potential impact of incidents and determining which ones require immediate attention and which can be addressed later. If an organization has ineffective incident prioritization, it means they might not be able to allocate resources appropriately, respond to critical incidents in a timely manner, or efficiently manage their incident response efforts. This could result in significant security breaches or prolonged downtime.
upvoted 3 times
SuperMax
1 year, 1 month ago
While all the options (A, B, C, and D) are important aspects of incident management, ineffective incident prioritization can have the most severe consequences as it directly affects how an organization handles its most critical security incidents. However, it's essential to address all aspects of incident management for a comprehensive and effective security posture.
upvoted 1 times
...
...
3008
1 year, 5 months ago
Selected Answer: D
d is answer.
upvoted 1 times
...
Pakawat
1 year, 5 months ago
Selected Answer: A
A: Ineffective incident Classification (To classify incident impact and urgency come first.)
upvoted 1 times
...
BabaP
1 year, 5 months ago
Selected Answer: D
D is better
upvoted 1 times
...
kertyce
1 year, 8 months ago
D is the correct answer
upvoted 2 times
...
ziutek_
1 year, 10 months ago
Selected Answer: D
I go with D as it means we dont detect all inidents thatcreally occure
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago