CISA QUESTION #6859
Question 1
An organization implements continuous monitoring for security compliance but management reviews compliance reports only quarterly. Critical non-compliance issues exist for weeks before management attention. What should be the PRIMARY recommendation?
  • Increase monitoring frequency
  • Implement real-time or daily alerting for critical non-compliance to enable timely response ✔️
  • Reduce reporting frequency
  • Simplify reports
Correct Answer Explanation
Continuous monitoring provides real-time visibility, but that value is lost if critical issues are not acted upon promptly. Quarterly reviews of continuous monitoring data mean critical security gaps persist for extended periods. Management needs automated alerts for critical issues to enable the rapid response that justifies the continuous monitoring investment.