An auditor finds that a company's 'Incident Response Plan' has not been tested or updated in 3 years. What is the primary recommendation?

Answer options:

Rewrite the plan immediately.

Conduct a tabletop exercise to test the plan and update it based on lessons learned.

Wait for a real incident to test the plan.

Purchase cyber insurance.

How to approach this question

Identify the best practice for maintaining plans.

Full Answer

B.Conduct a tabletop exercise to test the plan and update it based on lessons learned.✓ Correct

Conduct a tabletop exercise to test the plan and update it based on lessons learned.

A tabletop exercise is a discussion-based session where team members meet in an informal, classroom setting to discuss their roles during an emergency and their responses to a particular situation.

Common mistakes

None usually.

Question 81 All questions

Practice the full CPA ISC Practice Exam 2

82 questions · hints · full answers · grading

More questions from this exam

Q01A service organization provides a cloud-based payroll platform where clients access the software ...Medium Q02An auditor is reviewing the backup strategy for a financial institution that requires a Recovery ...Hard Q03During a walkthrough of the change management process, an auditor observes that developers have w...Medium Q04An auditor is reviewing a SQL query used to generate a list of active customers for a marketing c...Hard Q05Which of the following entities is considered a 'Covered Entity' under the HIPAA Privacy Rule?Medium

View all 82 questions →