Isaca CISA Quiz 370 Topic 8 Questions 1846-1850

Question: 1

An organization implements a data loss prevention tool as a control to mitigate the risk of sensitive data leaving the organization via electronic mail. Which of the following would provide the BEST indication of adequate control design?

AManagement has formally approved the control design.

BRules enforced by the tool were based on the classification of the data.

CManagement presents evidence that data loss incidents have decreased.

DSecurity administrators can demonstrate the functions of the tool

Show Answer

Question: 2

During a vulnerability assessment, an IS auditor finds a high-risk vulnerability in a public-facing web server used to process online customer orders via credit card. The IS auditor could FIRST:

Anotify management.

Bdocument the finding in the report

Credesign the customer order process.

Dsuspend credit card processing.

Show Answer

Question: 3

Which of the following is MOST important for the improvement of an organization's incident response processes

ARegular upgrades to incident management software

BOngoing incident response training for users

CPost-event reviews by the incident response team

DPeriodic walk-through of incident response procedures

Show Answer

Question: 4

A complex IS environment which of the following tasks should be performed by the data owner?

ATest the validity of backup data

BPerform data restoration when necessary.

CPerform technical database maintenance.

DReview data classifications periodically

Show Answer

Question: 5

Which of the following should be an IS auditor's PRIMARY consideration when evaluating the development and design of a privacy program?

AInformation security and incident management practices

BIndustry practice and regulatory compliance guidance

CData governance and data classification procedures

DPolicies and procedures consistent with privacy guidelines

Show Answer

Isaca CISA Quiz:370 Topic:8 Questions:1846-1850