CompTIA

CAS-001 · Question #190

CAS-001 Question #190: Real Exam Question with Answer & Explanation

The correct answer is C: Implement mandatory training. Following a failed COOP exercise revealing improper record disposal, the ISO should recommend mandatory training to correct employee behavior and a review of company procedures to address gaps in the documented process.

Question

financial system. The audit report indicates that the accounts receivable department has not followed proper record disposal procedures during a COOP/BCP tabletop exercise involving manual processing of financial transactions. Which of the following should be the Information Security Officer's (ISO's) recommendation? (Select TWO).

Options

  • A. Wait for the external audit results
  • B. Perform another COOP exercise
  • C. Implement mandatory training
  • D. Destroy the financial transactions
  • E. Review company procedures

Explanation

Following a failed COOP exercise revealing improper record disposal, the ISO should recommend mandatory training to correct employee behavior and a review of company procedures to address gaps in the documented process.

Common mistakes.

  • A. Waiting for external audit results is a passive response that does not remediate the identified deficiency and delays corrective action unnecessarily.
  • B. Performing another COOP exercise before fixing the underlying training and procedure gaps would simply repeat the same failure without addressing its root cause.
  • D. Destroying the financial transactions from the exercise is premature and potentially harmful to audit evidence; records may be needed for the audit and should be disposed of only through the correct approved procedures.

Concept tested. COOP exercise record disposal corrective action ISO response

Reference. https://csrc.nist.gov/publications/detail/sp/800-34/rev-1/final
