Isaca CISA Quiz 538 Topic 2 Questions 2686-2690

Question: 1

An organization is designing an application programming interface (API) for business-to-business data sharing

with a vendor. Which of the following is the BEST way to reduce the potential risk of data leakage?

AImplement a policy to require data transfer over hypertext transfer protocol (HTTP)

BImplement the API on a secure server and encrypt traffic between both organizations

CRestrict the allowable number of API calls within a specified period

DConduct an independent review of the application architecture and service level agreements (SLAs)

Show Answer

Question: 2

When reviewing a database supported by a third-party service provider, an IS auditor found minor control

deficiencies. The auditor should FIRST discuss recommendations with the:

Aservice provider support team manager

Borganization's service level manager

Corganization's chief information officer (CIO)

Dservice provider contract liaison

Show Answer

Question: 3

A legacy application is running on an operating system that is no longer supported by the vendor. If the

organization continues to use the current application, which of the following should be the IS auditor's

GREATEST concern?

APotential exploitation of zero-day vulnerabilities in the system

BInability to update the legacy application database

CIncreased cost of maintaining the system

DInability to use the operating system due to potential license issues

Show Answer

Question: 4

Which of the following is the BEST way to help ensure new IT implementations align with enterprise architecture principles and requirements?

AConsider stakeholder concerns when defining the enterprise architecture.

BConduct enterprise architecture reviews as part of the change advisory board.

CPerform mandatory post-implementation reviews of IT implementations.

DDocument the security view as part of the enterprise architecture.

Show Answer

Question: 5

Which of the following is the PRIMARY objective of using a capability maturity model as a tool to communicate

audit results to senior management?

ATo evaluate management's action plan

BTo confirm audit findings

CTo illustrate improvement opportunities

DTo prioritize remediation efforts

Show Answer

Isaca CISA Quiz:538 Topic:2 Questions:2686-2690