Isaca Certified Information Systems Auditor CISA Question # 13 Topic 2 Discussion

CISA Exam Topic 2 Question 13 Discussion:

Question #: 13

Topic #: 2

Which of the following is MOST important for the successful establishment of a security vulnerability management program?

A robust tabletop exercise plan

A comprehensive asset inventory

A tested incident response plan

An approved patching policy

Get Premium CISA Questions

Explanation

A comprehensive asset inventory is the most important factor for the successful establishment of a security vulnerability management program. A security vulnerability management program is a systematic process of identifying, assessing, prioritizing, and remediating vulnerabilities in the organization’s IT environment1. A comprehensive asset inventory is a complete and accurate record of all the hardware, software, and network components that the organization owns or uses2. A comprehensive asset inventory helps the organization to:

Know what assets are in scope for vulnerability scanning and assessment3.

Identify the vulnerabilities that affect each asset and their severity level4.

Prioritize the remediation of vulnerabilities based on the criticality and value of each asset.

Track the status and progress of vulnerability remediation for each asset.

Measure the effectiveness and maturity of the vulnerability management program.

A robust tabletop exercise plan is a simulated scenario that tests the organization’s preparedness and response capabilities for a potential cyberattack or incident. A tabletop exercise plan is useful for validating and improving the organization’s incident response plan, but it is not essential for establishing a security vulnerability management program.

A tested incident response plan is a documented process that defines the roles, responsibilities, and actions of the organization’s personnel in the event of a cyberattack or incident. A tested incident response plan is important for minimizing the impact and restoring normal operations after a security breach, but it is not critical for establishing a security vulnerability management program.

An approved patching policy is a set of rules and guidelines that governs how the organization applies patches and updates to its IT systems and applications. An approved patching policy is a key component of the remediation phase of the vulnerability management program, but it is not sufficient for establishing a security vulnerability management program.

Actual exam question for Isaca CISA exam by Dune5055 at Aug 3, 2025, 6:59:17 PM

Contribute your Thoughts:

Chosen Answer: A B C D
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Isaca Certified Information Systems Auditor CISA Question # 13 Topic 2 Discussion

Isaca Certified Information Systems Auditor CISA Question # 13 Topic 2 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Isaca Certified Information Systems Auditor CISA Question # 13 Topic 2 Discussion

Isaca Certified Information Systems Auditor CISA Question # 13 Topic 2 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Awaiting moderator approval