IIA CIA IIA-CIA-Part3 Question # 141 Topic 15 Discussion

IIA-CIA-Part3 Exam Topic 15 Question 141 Discussion:

Question #: 141

Topic #: 15

A manager at a publishing company received an email that appeared to be from one of her vendors with an attachment that contained malware embedded in an Excel spreadsheet . When the spreadsheet was opened, the cybercriminal was able to attack the company's network and gain access to an unpublished and highly anticipated book. Which of the following controls would be most effective to prevent such an attack?

Monitoring network traffic.

Using whitelists and blacklists to manage network traffic.

Restricting access and blocking unauthorized access to the network

Educating employees throughout the company to recognize phishing attacks.

Get Premium IIA-CIA-Part3 Questions

Explanation

This attack was caused by a phishing email containing malware embedded in an Excel spreadsheet. The most effective way to prevent such attacks is employee awareness training, as human error is the leading cause of successful phishing attempts.

Understanding Phishing Attacks:

Phishing emails trick employees into opening malicious links or attachments, leading to malware infections and data breaches.

Cybercriminals often disguise emails as coming from trusted vendors or colleagues.

Why Employee Training is the Most Effective Control:

Employees must be trained to identify suspicious emails, attachments, and links.

Training reduces the likelihood of employees accidentally opening malicious files.

Many cybersecurity frameworks (e.g., NIST, ISO 27001, and CIS) emphasize employee awareness as the first line of defense.

Why the Other Options Are Less Effective Alone:

A. Monitoring network traffic. ❌

Can detect unusual activity after an attack but does not prevent phishing attempts.

B. Using whitelists and blacklists to manage network traffic. ❌

Helps filter harmful websites, but phishing emails often appear legitimate and may bypass filters.

C. Restricting access and blocking unauthorized access to the network. ❌

Helps limit damage after malware enters the network but does not stop employees from opening phishing emails.

IIA GTAG (Global Technology Audit Guide) on Cybersecurity: Recommends employee awareness programs as a key control.

IIA Standard 2110 (Governance): Internal auditors should assess cybersecurity training programs.

NIST Cybersecurity Framework – PR.AT (Protect – Awareness and Training): Emphasizes the role of employee education in preventing cyber threats.

ISO/IEC 27001 – Security Awareness and Training (A.7.2.2): Requires organizations to implement cybersecurity awareness programs.

Step-by-Step Justification:IIA References:Thus, the correct answer is D. Educating employees throughout the company to recognize phishing attacks. ✅

Actual exam question for IIA IIA-CIA-Part3 exam by Orion47325 at May 1, 2026, 1:50:22 AM

Contribute your Thoughts:

Chosen Answer: A B C D
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Pre-Summer Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: validbest

Exam IIA-CIA-Part3 All Questions

IIA CIA IIA-CIA-Part3 Question # 141 Topic 15 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Pre-Summer Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: validbest

Exam IIA-CIA-Part3 All Questions

IIA CIA IIA-CIA-Part3 Question # 141 Topic 15 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Awaiting moderator approval