New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Isaca CISA Exam - Topic 5 Question 103 Discussion

Actual exam question for Isaca's CISA exam
Question #: 103
Topic #: 5
[All CISA Questions]

Which of the following poses the GREATEST risk to an organization when employees use public social networking sites?

Show Suggested Answer Hide Answer
Suggested Answer: C

Social engineering is the manipulation of people to perform actions or divulge confidential information. It is a common technique used by attackers to gain unauthorized access to systems or data. Employees who use public social networking sites may be vulnerable to social engineering attacks, such as phishing, baiting, or pretexting, which pose the greatest risk to the organization's security.The other options are not as serious as social engineering, as they relate to web application vulnerabilities, intellectual property rights, and reputation management, which are less likely to compromise the organization's assets or operations.Reference:CISA Review Manual (Digital Version), Domain 5: Protection of Information Assets, Section 5.3 Security Awareness Training1


by Bernadine at Jul 14, 2025, 02:09 PM

Limited Time Offer

25%

Off

Get Premium CISA Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Deonna
2 months ago
Wait, are adverse posts really that impactful?
upvoted 0 times
...
Tammy
2 months ago
XSS isn't as common in social media, right?
upvoted 0 times
...
Lezlie
2 months ago
Social engineering is a huge risk!
upvoted 0 times
...
Theola
3 months ago
I think adverse posts can really damage a brand.
upvoted 0 times
...
Luisa
3 months ago
Copyright violations are often overlooked, but they're serious!
upvoted 0 times
...
Selma
3 months ago
Copyright violations might not seem as urgent, but they can lead to legal issues. I wonder if that could be considered a greater risk than the others.
upvoted 0 times
...
Mila
3 months ago
Cross-site scripting sounds familiar, but I can't recall how it specifically relates to social networking. Is it really a major concern?
upvoted 0 times
...
Denise
4 months ago
I remember a practice question that mentioned adverse posts damaging a company's reputation. That seems pretty serious too.
upvoted 0 times
...
Lemuel
4 months ago
I think social engineering could be a big risk since it involves manipulating employees directly. But I'm not entirely sure if it's the greatest risk.
upvoted 0 times
...
Nicolette
4 months ago
I'm confident the answer is C. Social engineering is a major concern when employees are using public social media for work purposes. That opens up the organization to all kinds of potential attacks.
upvoted 0 times
...
Rebbecca
4 months ago
B - copyright violations seems like the least risky option here. I don't think that would pose as big of a threat as the other choices.
upvoted 0 times
...
Lyndia
4 months ago
I'm leaning towards A - cross-site scripting (XSS). If employees are posting on public sites, their accounts could be compromised and used to inject malicious code into the organization's systems.
upvoted 0 times
...
Virgina
4 months ago
Hmm, I'm not sure. I was thinking maybe D - adverse posts about the organization could be the biggest risk. That kind of negative publicity could really damage the company's reputation.
upvoted 0 times
...
Arlean
5 months ago
I think the answer is C - social engineering. Employees using public social media could be tricked into revealing sensitive information that could be used to attack the organization.
upvoted 0 times
...
Erasmo
7 months ago
That's true, social engineering can be a big risk too.
upvoted 0 times
...
Avery
7 months ago
Social engineering, hands down. Who needs hacking when you can just trick someone into giving up the keys to the kingdom?
upvoted 0 times
Douglass
5 months ago
A) Cross-site scripting (XSS)
upvoted 0 times
...
...
Tatum
7 months ago
But what about C) Social engineering? That can lead to data breaches and other security issues.
upvoted 0 times
...
Veronika
7 months ago
I'm going with C. Social engineering is the most insidious and can lead to all sorts of nasty consequences for the organization.
upvoted 0 times
Gabriele
6 months ago
B) Copyright violations
upvoted 0 times
...
Mari
6 months ago
A) Cross-site scripting (XSS)
upvoted 0 times
...
...
Muriel
7 months ago
I agree with Erasmo, negative posts can damage the organization's reputation.
upvoted 0 times
...
Erasmo
7 months ago
I think D) Adverse posts about the organization is the greatest risk.
upvoted 0 times
...
Thea
7 months ago
While adverse posts are a concern, I believe social engineering poses the greatest threat. Employees can inadvertently give away too much information.
upvoted 0 times
...
Hannah
7 months ago
Definitely agree with Jackie. Social engineering is a sneaky and effective way for attackers to gain access to sensitive information.
upvoted 0 times
Jaleesa
6 months ago
C) Social engineering
upvoted 0 times
...
Herminia
7 months ago
A) Cross-site scripting (XSS)
upvoted 0 times
...
...
Jackie
8 months ago
I think social engineering is the biggest risk here. Employees can easily fall victim to manipulation on public social media.
upvoted 0 times
Marci
7 months ago
C) Social engineering
upvoted 0 times
...
Goldie
7 months ago
B) Copyright violations
upvoted 0 times
...
Brett
7 months ago
A) Cross-site scripting (XSS)
upvoted 0 times
...
...

Save Cancel