Question 1

To mitigate the risk of exposing data through application programming interface (API) queries, which of the following design considerations is MOST important?

Options :

A : Data quality

B : Data integrity

C : Data minimization

D : Data retention

Answer: C

Question 2

An IS auditor reviewing the database controls for a new e-commerce system discovers a security weakness in the database configuration. Which of the following should be the IS auditor's NEXT course of action?

Options :

A : Disclose the findings to senior management.

B : Identify existing mitigating controls.

C : ttempt to exploit the weakness.

D : Assist in drafting corrective actions.

Answer: B

Question 3

Which of the following is the GREATEST advantage of utilizing guest operating systems in a virtual environment?

Options :

A : They can be logged into and monitored from any location.

B : They prevent access to the greater environment via Transmission Control Protocol/Internet Protocol (TCP/IP)

C : They can be wiped quickly in the event of a security breach.

D : They are easier to containerize with minimal impact to the rest of the environment

Answer: C

Question 4

The PRIMARY benefit of information asset classification is that it:

Options :

A : enables risk management decisions.

B : helps to align organizational objectives.

C : prevents loss of assets.

D : facilitates budgeting accuracy.

Answer: A

Question 5

During an audit of identity and access management, an IS auditor finds that the engagement audit plan does not include the testing of controls that regulate access by third parties. Which of the following would be the auditor's BEST course of action?

Options :

A : Add testing of third-party access controls to the scope of the audit.

B : Plan to test these controls in another audit.

C : Determine whether the risk has been identified in the planning documents.

D : Escalate the deficiency to audit management.

Answer: C

Smartly Prepare Exam with Free Online CISA Practice Test

Buying Options: