Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Isaca Exam CISA Topic 6 Question 89 Discussion

Actual exam question for Isaca's CISA exam
Question #: 89
Topic #: 6
[All CISA Questions]

An IS auditor reviewing the database controls for a new e-commerce system discovers a security weakness in the database configuration. Which of the following should be the IS auditor's NEXT course of action?

Show Suggested Answer Hide Answer
Suggested Answer: A

When an IS auditor discovers a security weakness in the database configuration, the next course of action should be to identify existing mitigating controls. This involves assessing whether any controls are already in place to address the weakness and mitigate the risk.Understanding the current state of controls helps the auditor determine the severity of the issue and whether additional corrective actions are necessary1.Reference:1(https://www.isaca.org/resources/insights-and-expertise/audit-programs-and-tools)


by Phil at Sep 17, 2024, 08:43 PM

Limited Time Offer

25%

Off

Get Premium CISA Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Pearline
7 months ago
Option D? Really? That's like trying to put out a fire by throwing gasoline on it. Let's stick to the professional approach and go with B or C.
upvoted 0 times
Huey
6 months ago
C) Assist in drafting corrective actions.
upvoted 0 times
...
Dalene
6 months ago
B) Disclose the findings to senior management.
upvoted 0 times
...
Lonny
7 months ago
A) Identify existing mitigating controls.
upvoted 0 times
...
...
Ernestine
7 months ago
Wait, we can't just start exploiting the weakness, that's like trying to beat a video game by cheating. I'd go with option C - assist in drafting corrective actions to fix this properly.
upvoted 0 times
Winfred
6 months ago
Identifying existing mitigating controls could also be helpful in understanding the current state of security measures.
upvoted 0 times
...
Erick
6 months ago
It's important to work with the team to come up with a solution rather than trying to exploit the weakness.
upvoted 0 times
...
Georgiann
7 months ago
I agree, we should definitely help draft corrective actions to address the security weakness.
upvoted 0 times
...
...
Jacklyn
7 months ago
Hmm, I think option A is the way to go. Let's see if there are any existing controls that can mitigate the issue before we go nuclear and disclose it to the higher-ups.
upvoted 0 times
...
Coletta
7 months ago
Option B all the way! Transparency is key, and senior management needs to know about this weakness ASAP. Once they're aware, we can work on the corrective actions.
upvoted 0 times
...
Roslyn
7 months ago
I believe the IS auditor should also assist in drafting corrective actions to address the security weakness.
upvoted 0 times
...
Amber
7 months ago
Clearly, option D is a big no-no. We don't want to create more problems than we already have. I'd say B and C are the way to go - disclose it to management and help them fix it.
upvoted 0 times
Cortney
6 months ago
C) Assist in drafting corrective actions.
upvoted 0 times
...
Tenesha
7 months ago
B) Disclose the findings to senior management.
upvoted 0 times
...
Miles
7 months ago
A) Identify existing mitigating controls.
upvoted 0 times
...
...
Hannah
8 months ago
I agree with Mertie. Senior management needs to be aware of the security weakness.
upvoted 0 times
...
Mertie
8 months ago
I think the IS auditor should disclose the findings to senior management.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77
a