CISA Certified Information Systems Auditor – Question0242

An IS auditor finds that an organization’s data loss prevention (DLP) system is configured to use vendor default settings to identify violations. The auditor’s MAIN concern should be that:

A.
violations may not be categorized according to the organization’s risk profile.
B. violation reports may not be retained according to the organization’s risk profile.
C. violation reports may not be reviewed in a timely manner.
D. a significant number of false positive violations may be reported.

Correct Answer: A