CISA examtopics 301-400 Exam Questions with Verified Answers

301. An organization has begun using social media to communicate with current and potential clients. Which of the following should be of PRIMARY concern to the auditor?
A. Using a third-party provider to host and manage content
B. Lack of guidance on appropriate social media usage and monitoring
C. Negative posts by customers affecting the organization's image
D. Reduced productivity of staff using social media
- CORRECT ANSWER B. Lack of guidance on appropriate social media usage and monitoring

302.* An organization is developing data classification standards and has asked internal audit for advice on aligning the standards with best practices. Internal audit would MOST likely recommend the standards should be:
A. based on the business requirements for confidentiality of the information.
B. aligned with the organization's segregation of duties requirements.
C. based on the results of an organization-wide risk assessment.
D. based on the business requirements for authentication of the information.
- CORRECT ANSWER C. based on the results of an organization-wide risk assessment. (examtopics + freecram + exam-answer + 50% voted)

303. An organization considers implementing a system that uses a technology that is not in line with the organization's IT strategy. Which of the following is the BEST justification for deviating from the IT strategy?
A. The system makes use of state-of-the-art technology.
B. The system has a reduced cost of ownership.
C. The organization has staff familiar with the technology.
D. The business benefits are achieved even with extra costs. *
- CORRECT ANSWER D. The business benefits are achieved even with extra costs. (freecram + examtopics)

304.
An organization is running servers with critical business applications that are in an area subject to frequent but brief power outages. Knowledge of which of the following would allow the organization's management to monitor the ongoing adequacy of the uninterruptible power supply (UPS)?
A. Duration and interval of the power outages
B. Business impact of server downtime
C. Number of servers supported by the UPS
D. Mean time to recover servers after failure
- CORRECT ANSWER B. Business impact of server downtime (Most Voted *5 + pupuweb)
A. Duration and interval of the power outages (freecram + examtopics)
The organization's management can monitor the ongoing adequacy of the uninterruptible power supply (UPS). This information helps them understand whether the UPS capacity is sufficient to provide power during outages and prevent downtime.

305. An organization implemented a cybersecurity policy last year. Which of the following is the GREATEST indicator that the policy may need to be revised?
A. A significant increase in authorized connections to third parties
B. A significant increase in cybersecurity audit findings
C. A significant increase in external attack attempts
D. A significant increase in approved exceptions
- CORRECT ANSWER D. A significant increase in approved exceptions (examtopics + exam-answer)

By recruiting additional IS staff, the project team can augment its capacity and address the staff shortage. This helps in distributing the workload, improving productivity, and ensuring that the project can progress at an appropriate pace without compromising quality. The additional staff can contribute their expertise and skills, reducing the risk of errors, oversights, and rushed development practices that can negatively impact system quality.

309.* When reviewing past results of a recurring annual audit, an IS auditor notes that findings may not have been reported and independence may not have been maintained.
Which of the following is the auditor's BEST course of action?
A. Reevaluate internal controls
B. Re-perform past audits to ensure independence
C. Inform senior management
D. Inform audit management
- CORRECT ANSWER D. Inform audit management (examtopics + freecram + 2 voted)

310. An information systems security officer's PRIMARY responsibility for business process applications is to:
A. create role-based rules for each business process.
B. approve the organization's security policy.
C. ensure access rules agree with policies.
D. authorize secured emergency access.
- CORRECT ANSWER C. ensure access rules agree with policies. (Most Voted *11 100% + pupuweb + exampracticetests + exam-answer)
https://www.exam-answer.com/information-systems-security-officer-primary-responsibility-business-process-applications

311.* Coding standards provide which of the following?
A. Access control tables
B. Data flow diagrams
C. Field naming conventions
D. Program documentation
- CORRECT ANSWER C. Field naming conventions (pupuweb + examtopics)

312. During which IT project phase is it MOST appropriate to conduct a benefits realization analysis?
A. Post-implementation review phase
B. Design review phase
C. User acceptance testing (UAT) phase
D. Final implementation phase
- CORRECT ANSWER A. Post-implementation review phase

313. Due to a high volume of customer orders, an organization plans to implement a new application for customers to use for online ordering. Which type of testing is MOST important to ensure the security of the application prior to go-live?
A. Stress testing
B. User acceptance testing (UAT)
C. Vulnerability testing
D. Regression testing
- CORRECT ANSWER C. Vulnerability testing (freecram + GPT + most voted *5)

314. During an audit of identity and access management, an IS auditor finds that the engagement audit plan does not include the testing of controls that regulate access by third parties. Which of the following would be the auditor's BEST course of action?
A.
Add testing of third-party access controls to the scope of the audit.
B. Plan to test these controls in another audit.
C. Determine whether the risk has been identified in the planning documents.
D. Escalate the deficiency to audit management.
- CORRECT ANSWER D. Escalate the deficiency to audit management. (exam-answer)
Escalating the deficiency to audit management is the BEST course of action because it allows the auditor to report the issue to higher management and obtain their support to address the deficiency.
C. Determine whether the risk has been identified in the planning documents. (pupuweb + examtopics)

315. What is the PRIMARY reason for conducting a risk assessment when developing an annual IS audit plan?
A. Identify and prioritize audit areas
B. Determine the existence of controls in audit areas
C. Provide assurance material items will be covered
D. Decide which audit procedures and techniques to use *
- CORRECT ANSWER A. Identify and prioritize audit areas

316. An employee transfers from an organization's risk management department to become the lead IS auditor. While in the risk management department, the employee helped develop the key performance indicators (KPIs) now used by the organization. Which of the following would pose the GREATEST threat to the independence of this auditor?
A. Evaluating the effectiveness of IT risk management processes
B. Recommending controls to address the IT risks identified by KPIs
C. Developing KPIs to measure the internal audit team
D. Training the IT audit team on IT risk management processes
- CORRECT ANSWER C. Developing KPIs to measure the internal audit team (exam-answer + GPT + most voted)
When an employee moves from one department to another, there is a potential risk that their previous role may influence their current role and create a conflict of interest.
In this case, the employee helped develop the KPIs that are now being used by the organization, and these KPIs are being used to measure the effectiveness of the internal audit team. This means that the auditor may be

A USB device containing sensitive production data was lost by an employee, and its contents were subsequently found published online. Which of the following controls is the BEST recommendation to prevent a similar recurrence?
A. Monitoring data being downloaded on USB devices
B. Using a strong encryption algorithm
C. Training users on USB device security
D. Electronically tracking portable devices
- CORRECT ANSWER C. Training users on USB device security (pupuweb + 1 voted)
B. Using a strong encryption algorithm (examtopics + 1 voted)

323. During an IT operations audit, multiple unencrypted backup tapes containing sensitive credit card information cannot be found. Which of the following presents the GREATEST risk to the organization?
A. Human resource cost of responding to the incident
B. Business disruption if a data restore cannot be completed
C. Reputational damage due to potential identity theft
D. The cost of recreating the missing backup tapes
- CORRECT ANSWER C. Reputational damage due to potential identity theft

324. An organization uses multiple offsite data center facilities. Which of the following is MOST important to consider when choosing related backup devices and media?
A. Associated costs
B. Standardization
C. Backup media capacity
D. Restoration speed *
- CORRECT ANSWER D. Restoration speed (pupuweb + GPT + 6 voted)
Correct Answer: B

325.* Which of the following is MOST important to determine when conducting a post-implementation review?
A. Whether the solution architecture complies with IT standards
B. Whether success criteria have been achieved
C. Whether lessons learned have been documented
D. Whether the project has been delivered within the approved budget *
- CORRECT ANSWER B.
Whether success criteria have been achieved

326.* While reviewing an organization's business continuity plan (BCP), an IS auditor observes that a recently developed application is not included. The IS auditor should:
A. ensure that the criticality of the application is determined.
B. include in the audit findings that the BCP is incomplete.
C. recommend that the application be incorporated in the BCP.
D. ignore the observation as the application is not mission critical.
- CORRECT ANSWER A. ensure that the criticality of the application is determined. (examtopics + pupuweb + freecram)

327.* Data anonymization helps to prevent which types of attacks in a big data environment?
A. Man-in-the-middle
B. Denial of service (DoS)
C. Correlation
D. Spoofing
- CORRECT ANSWER C. Correlation
Correlation attacks involve analyzing multiple datasets or combining different sources of data to uncover sensitive or personally identifiable information. By anonymizing the data, the relationships between individuals, their attributes, and their activities are obfuscated, making it difficult for attackers to perform correlation attacks and gain insights into personal information.

328. During a review of a production schedule, an IS auditor observes that a staff member is not complying with mandatory operational procedures. The auditor's NEXT step should be to:
A. note the noncompliance in the audit working papers.
B. determine why the procedures were not followed.
C. issue an audit memorandum identifying the noncompliance.
D. include the noncompliance in the audit report.
- CORRECT ANSWER B. determine why the procedures were not followed.

329. The PRIMARY objective of IT service level management is to:
A. improve IT cost control.
B. manage computer operations activities.
C. satisfy customer requirements.
D. increase awareness of IT services.
- CORRECT ANSWER C. satisfy customer requirements.

330.
The use of which of the following would BEST enhance a process improvement program?
A. Balanced scorecard
B. Project management methodologies
C. Capability maturity models
D. Model-based design notations *
- CORRECT ANSWER C. Capability maturity models (examtopics + freecram)
A. Balanced scorecard (pupuweb)

331.*

336.* To create a digital signature in a message using asymmetric encryption, it is necessary to:
A. encrypt the authentication sequence using a public key.
B. first use a symmetric algorithm for the authentication sequence.
C. transmit the actual digital signature in unencrypted clear text.
D. encrypt the authentication sequence using a private key.
- CORRECT ANSWER D. encrypt the authentication sequence using a private key. (examtopics + 3 voted + GPT)
Asymmetric encryption: the sender uses the receiver's public key to encrypt the data; the receiver uses its own private key to decrypt the encrypted data.
Signing: the sender uses its own private key to create the message's signature; the receiver uses the sender's public key to verify the signature.
A. encrypt the authentication sequence using a public key. (freecram)

337. During an audit of an access control system, an IS auditor finds that RFID card readers are not connected via the network to a central server. Which of the following is the GREATEST risk associated with this finding?
A. Lost or stolen cards cannot be disabled immediately.
B. Card reader firmware updates cannot be rolled out automatically.
C. The system is not easily scalable to accommodate a new device.
D. Incidents cannot be investigated without a centralized log file.
- CORRECT ANSWER A. Lost or stolen cards cannot be disabled immediately.

Invoking a business continuity plan (BCP) is demonstrating which type of control?
A. Preventive
B. Corrective
C. Directive
D. Detective
- CORRECT ANSWER B. Corrective

339. When determining whether a project in the design phase will meet organizational objectives, what is BEST to compare against the business case?
A. Project plan
B.
Requirements analysis
C. Implementation plan
D. Project budget provisions
- CORRECT ANSWER B. Requirements analysis

340.* The results of an IS audit indicating the need to strengthen controls have been communicated to the appropriate stakeholders. Which of the following is the BEST way for management to enforce implementation of the recommendations?
A. Copy senior management on communications related to the audit
B. Have stakeholders develop a business case for control changes
C. Assign ownership to each remediation activity
D. Request auditors to design a roadmap for closure
- CORRECT ANSWER C. Assign ownership to each remediation activity

341.* Internal audit is conducting an audit of customer transaction risk. Which of the following would be the BEST reason to use data analytics?
A. Transactional data is contained in multiple discrete systems that have varying levels of reliability.
B. Anomalies and risk trends in the data set have yet to be defined.
C. The audit is being performed to comply with regulations requiring periodic random sample testing.
D. The audit focus is on a small number of predefined high-risk transactions.
- CORRECT ANSWER B. Anomalies and risk trends in the data set have yet to be defined. (exam-answer + 12 voted)
From CRM 27th, an IS auditor can use data analytics for the following purposes:
• Identification of areas where poor data quality exists
• Performance of risk assessment at the planning phase of an audit
Reason for data analytics: it helps identify anomalies and trends in large volumes of transactional data that may not be readily apparent through traditional audit procedures. By analyzing data, internal auditors can identify patterns and outliers that point to potential fraud, errors, or other risks. It helps auditors focus their efforts on the areas that pose the greatest risk to the organization, enabling them to provide more effective and efficient audit coverage.

342. Critical processes are not defined in an organization's business continuity plan (BCP).
Which of the following would have MOST likely identified the gap?
A. Updating the risk register
B. Reviewing the business continuity strategy
C. Reviewing the business impact analysis (BIA)
D. Testing the incident response plan
- CORRECT ANSWER C. Reviewing the business impact analysis (BIA)

343. When auditing the closing stages of a system development project, which of the following should be the MOST important consideration?
A. Rollback procedures
B. Control requirements
C. User acceptance test (UAT) results
D. Functional requirements documentation
- CORRECT ANSWER C. User acceptance test (UAT) results (freecram + examtopics + GPT)

344. When conducting a post-implementation review of a new software application, an IS auditor should be MOST concerned with an increasing number of:
A. change requests approved to add new services.
B. updates required for the end-user operations manual.
C. operational errors impacting service delivery.
D. help desk calls requesting future enhancements. *
- CORRECT ANSWER C. operational errors impacting service delivery. (coursehero + freecram)

351. When an IS auditor evaluates key performance indicators (KPIs) for IT initiatives, it is MOST important that the KPIs indicate:
A. IT deliverables are process driven.
B. IT objectives are measured.
C. IT resources are fully utilized.
D. IT solutions are within budget.
- CORRECT ANSWER B. IT objectives are measured.

352. In which phase of penetration testing would host detection and domain name system (DNS) interrogation be performed?
A. Reporting
B. Attacks
C. Discovery
D. Planning
- CORRECT ANSWER C. Discovery (DNS interrogation = querying DNS records)

353. Which type of control is being implemented when a biometric access device is installed at the entrance to a facility?
A. Preventive
B. Deterrent
C. Corrective
D. Detective
- CORRECT ANSWER A. Preventive

354.* Which of the following would an IS auditor consider the GREATEST risk associated with a mobile workforce environment?
A.
Loss or damage to the organization's assets
B. Lack of compliance with organizational policies
C. Decrease in employee productivity and accountability
D. Inability to access data remotely
- CORRECT ANSWER A. Loss or damage to the organization's assets (7 voted + GPT)
D. Inability to access data remotely (examtopics + freecram)

355. Which of the following key performance indicators (KPIs) provides stakeholders with the MOST useful information about whether information security risk is being managed?
A. The number of security controls implemented
B. Time from identifying security threats to implementing solutions
C. Time from security log capture to log analysis
D. The number of entries in the security risk register
- CORRECT ANSWER B. Time from identifying security threats to implementing solutions

356.* Which of the following is MOST important when implementing a data classification program?
A. Planning for secure storage capacity
B. Understanding the data classification levels
C. Formalizing data ownership
D. Developing a privacy policy
- CORRECT ANSWER C. Formalizing data ownership (examtopics + passeidireto + freecram)

357. Which of the following is an IS auditor's BEST recommendation to help an organization increase the efficiency of computing resources?
A. Hardware upgrades
B. Real-time backups
C. Virtualization
D. Overclocking the central processing unit (CPU)
- CORRECT ANSWER C. Virtualization (exam-answer + pupuweb + examtopics)
Overclocking = running the CPU above its rated clock frequency.
Virtualization allows multiple operating systems to run on a single physical machine simultaneously. This means that multiple virtual machines can be created on a single physical machine, which can be used to increase efficiency and maximize computing resources, and which can lead to cost savings by reducing the number of physical machines needed to run the organization's operations.
358.* Which of the following would BEST manage the risk of changes in requirements after the analysis phase of a business application development project?
A. Sign-off from the IT team
B. Quality assurance (QA) review
C. Ongoing participation by relevant stakeholders
D. Expected deliverables meeting project deadlines *
- CORRECT ANSWER C. Ongoing participation by relevant stakeholders (examtopics + coursehero + freecram)

359.* Which of the following is the BEST data integrity check?
A. Tracing data back to the point of origin
B. Performing a sequence check
C. Counting the transactions processed per day

A. To verify that risks listed in the audit report have been properly mitigated
B. To ensure senior management is aware of the audit findings
C. To identify new risks and controls for the organization
D. To align the management action plans with business requirements
- CORRECT ANSWER A. To verify that risks listed in the audit report have been properly mitigated

364.* Which of the following is the BEST use of a balanced scorecard when evaluating IT performance?
A. Determining compliance with relevant regulatory requirements
B. Monitoring alignment of IT with the rest of the organization
C. Evaluating implementation of the business strategy
D. Monitoring alignment of the IT project portfolio to budget *
- CORRECT ANSWER C. Evaluating implementation of the business strategy
A BSC is a strategic performance measurement framework that helps organizations assess the extent to which their activities align with the overall business strategy. By using a BSC, IT performance can be evaluated based on how well it contributes to and aligns with the organization's business strategy.
Why not B: a BSC provides a more comprehensive framework that encompasses strategic alignment (alignment of IT) as one of its dimensions.
Why not D: D is a more specific aspect of financial performance management rather than a comprehensive evaluation of IT performance.

365.
Which of the following is the MOST appropriate role for an IS auditor assigned as a team member for a software development project?
A. Implementing controls within the software
B. Developing user acceptance testing (UAT) scripts
C. Performing a mid-term evaluation of the project management process
D. Monitoring assessed risk for the project
- CORRECT ANSWER D. Monitoring assessed risk for the project (Most Voted *8 + freecram + GPT)

366.* Which of the following should be of GREATEST concern for an IS auditor reviewing an organization's bring your own device (BYOD) policy?
A. Not all devices are approved for BYOD.
B. The policy does not include the right to audit BYOD devices.
C. A mobile device management (MDM) solution is not implemented.
D. The policy is not updated annually. *
- CORRECT ANSWER C. A mobile device management (MDM) solution is not implemented. (examtopics + freecram)
A mobile device management solution is critical in a BYOD environment, as it allows the organization to enforce security policies, manage and monitor devices, and protect sensitive data. Without an MDM solution in place, the organization would have limited control and visibility over the devices connected to its network, increasing the risk of unauthorized access, data breaches, and other security incidents.

367.* Which of the following statements appearing in an organization's acceptable use policy BEST demonstrates alignment with data classification standards related to the protection of information assets?
A. Information assets should only be accessed by persons with a justified need.
B. All information assets must be encrypted when stored on the organization's systems.
C. Any information assets transmitted over a public network must be approved by executive management.
D. All information assets will be assigned a clearly defined level to facilitate proper employee handling.
- CORRECT ANSWER D.
All information assets will be assigned a clearly defined level to facilitate proper employee handling. (pupuweb + examtopics)

368. Which of the following information security requirements BEST enables the tracking of organizational data in a bring your own device (BYOD) environment?
A. Employees must immediately report lost or stolen mobile devices containing organizational data.
B. Employees must use auto-lock features and complex passwords on personal devices.
C. Employees must sign acknowledgment of the organization's mobile device acceptable use policy.
D. Employees must enroll their personal devices in the organization's mobile device management program.
- CORRECT ANSWER D. Employees must enroll their personal devices in the organization's mobile device management program.

369.* Which of the following is MOST important for an IS auditor to verify when evaluating an organization's firewall?
A. Logs are being collected in a separate protected host.
B. Access to configuration files is restricted.
C. Automated alerts are being sent when a risk is detected.
D. Insider attacks are being controlled.
- CORRECT ANSWER B. Access to configuration files is restricted.
B is a critical factor in ensuring the effectiveness and security of a firewall. Firewall configuration files contain the rules and settings that determine how the firewall filters and controls network traffic. If unauthorized individuals gain access to these files, they can potentially manipulate the firewall settings, bypass security measures, or introduce vulnerabilities.

370. Which of the following would be of GREATEST concern to an IS auditor reviewing backup and recovery controls?
A. Backup procedures are not documented.
B. Weekly and monthly backups are stored onsite.
C. Notifications to law enforcement
D. Procedures to analyze evidence
- CORRECT ANSWER D.
Procedures to analyze evidence
The analysis of evidence helps determine the nature and scope of the breach, identify the vulnerabilities exploited, and gather insights into the attacker's methods and motives. It aids in understanding the impact of the breach and formulating an appropriate response.
Why procedures to analyze evidence are of utmost importance:
1. Root cause identification
2. Scope assessment
3. Forensic investigation
B. Chain of custody: the chain of custody is crucial for maintaining the integrity of the evidence, but it is a component of evidence handling and does not directly determine the investigation's success or the understanding of the breach.

377. Which of the following indicates that an internal audit organization is structured to support the independence and clarity of the reporting process?
A. The internal audit manager has a reporting line to the audit committee.
B. The internal audit manager reports functionally to a senior management official.
C. Auditors are responsible for assessing and operating a system of internal controls.
D. Auditors are responsible for performing operational duties or activities.
- CORRECT ANSWER A. The internal audit manager has a reporting line to the audit committee.

378.* Which of the following would BEST protect the confidentiality of sensitive data in transit between multiple offices?
A. Digital signatures
B. Public key infrastructure (PKI)
C. Hash algorithms
D. Kerberos
- CORRECT ANSWER B. Public key infrastructure (PKI)
PKI is a comprehensive system that uses asymmetric encryption and digital certificates to secure communications and ensure the confidentiality, integrity, and authenticity of data.
Why PKI is the best choice for this scenario:
1. Encryption: PKI employs asymmetric encryption.
2. Digital certificates: PKI uses digital certificates to verify the identities of participants in the communication.
3.
Trust hierarchy: PKI establishes a trust hierarchy with root CAs at the top, followed by intermediate CAs and end-entity certificates.
A. Digital signatures are used for data integrity and authentication purposes, ensuring that the data has not been tampered with and verifying the identity of the sender. While they provide important security features, they do not directly protect the confidentiality of data during transit.

379. Which of the following is MOST likely to ensure that an organization's systems development meets its business objectives?
A. Business owner involvement
B. A project plan with clearly identified requirements
C. A focus on strategic projects
D. Segregation of systems development and testing *
- CORRECT ANSWER A. Business owner involvement

380. Which of the following is MOST important to review when planning for an IS audit of an organization's cross-border data transfers?
A. Previous external audit reports
B. Applicable regulatory requirements
C. Offshore supplier risk assessments
D. Long-term IS strategy *
- CORRECT ANSWER B. Applicable regulatory requirements

381. Which of the following is MOST likely to be a project deliverable of an agile software development methodology?
A. Automated software programming routines
B. Rapidly created working prototypes
C. Extensive project documentation
D. Strictly managed software requirements baselines
- CORRECT ANSWER B. Rapidly created working prototypes

382.* Which of the following is the BEST way to mitigate the risk associated with malicious changes to binary code during the software development life cycle (SDLC)?
A. Parity check
B. Digital envelope
C. Cryptographic hash
D. Segregation of duties
- CORRECT ANSWER C. Cryptographic hash
A hash is generated for every version, so if the source code is changed the recorded hash will no longer be valid.

383.
Which of the following application input controls would MOST likely detect data input errors in the customer account number field during the processing of an accounts receivable transaction?
A. Limit check
B. Reasonableness check
C. Validity check
D. Parity check *
- CORRECT ANSWER C. Validity check

Which of the following controls BEST ensures appropriate segregation of duties within an accounts payable department?
A. Including the creator's user ID as a field in every transaction record created
B. Ensuring that audit trails exist for transactions
C. Restricting access to update programs to accounts payable staff only
D. Restricting program functionality according to user security profiles *
- CORRECT ANSWER D. Restricting program functionality according to user security profiles. (pupuweb + freecram + examtopics)

390. Which of the following reports would provide the GREATEST assurance to an IS auditor about the controls of a third party that processes critical data for the organization?
A. Independent control assessment
B. Black box penetration test report
C. The third party's control self-assessment (CSA)
D. Vulnerability scan report *
- CORRECT ANSWER A. Independent control assessment

391.* Which of the following is the BEST indicator of the effectiveness of signature-based intrusion detection systems (IDSs)?
A. An increase in the number of internally reported critical incidents
B. An increase in the number of unfamiliar sources of intruders
C. An increase in the number of identified false positives
D. An increase in the number of detected incidents not previously identified
- CORRECT ANSWER D.
An increase in the number of detected incidents not previously identified (examtopics + pupuweb + GPT)
Signature-based IDSs:
- Compare network traffic or system activity against a database of known attack signatures
- The goal is to detect and identify known threats based on these signatures
- An increase in the number of detected incidents that were not previously identified = effectiveness of the signature-based IDS
A. (an increase in the number of internally reported critical incidents) does not specifically address the effectiveness of the IDS itself.

392.* Which of the following should be done by an IS auditor during a post-implementation review of a critical application that has been operational for six months?
A. Test program system interfaces.
B. Verify the accuracy of data conversions.
C. Assess project management risk reports.
D. Examine project change request logs.
- CORRECT ANSWER D. Examine project change request logs. (freecram + examtopics + voted *3)
This allows the auditor to review any changes made to the application after go-live. Examining change request logs helps assess whether changes were properly authorized, documented and tested, and whether they have had any unexpected impacts on the system's performance or security. It provides insights into the change management process, which is a crucial aspect of maintaining the application's stability and integrity.
B. Verify the accuracy of data conversions. (Most voted *4 + GPT)
This involves assessing whether data from the previous system was accurately converted and transferred to the new system without any errors or discrepancies. It helps ensure the integrity and reliability of the data within the critical application.

393. Which of the following types of testing would BEST mitigate the risk of a newly implemented system adversely impacting existing systems?
A. User acceptance testing (UAT)
B. Functionality testing
C. Sociability testing
D. Unit testing
- CORRECT ANSWER C.
Sociability testing

394.* Which of the following would be of GREATEST concern to an IS auditor reviewing an organization's security incident handling procedures?
A. Annual tabletop exercises are performed instead of functional incident response exercises.
B. Roles for computer emergency response team (CERT) members have not been formally documented.
C. Guidelines for prioritizing incidents have not been identified.
D. Workstation antivirus software alerts are not regularly reviewed.
- CORRECT ANSWER C. Guidelines for prioritizing incidents have not been identified. (freecram + examtopics + Most voted)
KW: security incident handling procedures. The emphasis is on "incident handling procedures"; what does it have to do with antivirus alerts not being reviewed on a regular basis? When testing incidents, auditors are more concerned that critical incidents are monitored and resolved.
https://www.examtopics.com/discussions/isaca/view/30959-exam-cisa-topic-1-question-1464-discussion/

395.* Which of the following is the MOST important consideration for an organization when strategizing to comply with privacy regulations?
A. Ensuring up-to-date knowledge of where customer personal data is saved.
B. Ensuring there are staff members with in-depth knowledge of the regulations.
C. Ensuring regular access recertification to information systems.