Free ISACA CISA Übungsprüfungen - Seite 18 von 55

Question #171

During a follow-up audit, an IS auditor finds that senior management has implemented a different remediation action plan than what was previously agreed upon.

Which of the following is the auditor’s BEST course of action?

A . Report the deviation by the control owner in the audit report.
B . Evaluate the implemented control to ensure it mitigates the risk to an acceptable level.
C . Cancel the follow-up audit and reschedule for the next audit period.
D . Request justification from management for not implementing the recommended control.

Lösung einblenden Lösung ausblenden

Question #172

Which of the following should an IS auditor do FIRST when auditing a robotics process automation (RPA) implementation?

A . Evaluate the overall solution architecture.
B . Analyze the sequence of activities performed by the robot.
C . Understand the business processes automated by the robot.
D . Identity the credentials used by the robot and where they are stored.

Lösung einblenden Lösung ausblenden

Question #173

Which of the following will be the MOST effective method to verify that a service vendor keeps control levels as required by the client?

A . Conduct periodic onsite assessments using agreed-upon criteria.
B . Conduct an unannounced vulnerability assessment of the vendor’s IT systems.
C . Periodically review the service level agreement (SLA) with the vendor.
D . Obtain evidence of the vendor’s control self-assessment (CSA).

Lösung einblenden Lösung ausblenden

Question #174

As part of the architecture of virtualized environments, in a bare metal or native visualization the hypervisor runs without:

A . a host operating system.
B . a guest operating system.
C . any applications on the guest operating system.
D . any applications on the host operating system.

Lösung einblenden Lösung ausblenden

Question #175

Which of the following should be the FIRST step when developing a data loss prevention (DLP) solution for a large organization?

A . Conduct a data inventory and classification exercise.
B . Identify approved data workflows across the enterprise_
C . Conduct a threat analysis against sensitive data usage.
D . Create the DLP policies and templates

Lösung einblenden Lösung ausblenden

Richtige Antwort: A
A

Explanation:

The first step when developing a DLP solution for a large organization is to conduct a data inventory and classification exercise. This step involves identifying and locating all the data assets that the organization owns, generates, or handles, and assigning them to different categories based on their sensitivity, value, and regulatory requirements1. Data inventory and classification is essential for DLP because it helps to determine the scope and objectives of the DLP solution, as well as the appropriate level of protection and monitoring for each data category2. Data inventory and classification also enables the organization to prioritize its DLP efforts based on the risk and impact of data loss or leakage3.

Option B is not correct because identifying approved data workflows across the enterprise is a subsequent step after conducting data inventory and classification. Data workflows are the processes and channels through which data are created, stored, accessed, shared, or transmitted within or outside the organization4. Identifying approved data workflows helps to define the normal and legitimate use of data, as well as to detect and prevent unauthorized or anomalous data activities5. However, before identifying approved data workflows, the organization needs to know what data it has and how it should be classified.

Option C is not correct because conducting a threat analysis against sensitive data usage is another subsequent step after conducting data inventory and classification. Threat analysis is the process of identifying and assessing the potential sources, methods, and impacts of data loss or leakage incidents. Threat analysis helps to design and implement effective DLP controls and countermeasures based on the risk profile of each data category. However, before conducting threat analysis, the organization needs to know what data it has and how it should be classified.

Option D is not correct because creating the DLP policies and templates is the final step after conducting data inventory and classification, identifying approved data workflows, and conducting threat analysis. DLP policies and templates are the rules and configurations that specify how the DLP solution should monitor, detect, report, and respond to data loss or leakage events. DLP policies and templates should be aligned with the organization’s business needs, regulatory obligations, and risk appetite. However, before creating the DLP policies and templates, the organization needs to know what data it has, how it should be classified, how it should be used, and what threats it faces.

References:

Data Inventory & Classification: The First Step in Data Protection1

Data Classification: What It Is And Why You Need It2

How to Prioritize Your Data Loss Prevention Strategy in 20203

What Is Data Workflow? Definition & Examples4

How to Identify Data Workflows for Your Business5

Threat Analysis: A Comprehensive Guide for Beginners How to Conduct a Threat Assessment for Your Business What Is Data Loss Prevention (DLP)? Definition & Examples How to Create Effective Data Loss Prevention Policies

Question #176

During an organization’s implementation of a data loss prevention (DLP) solution, which of the following activities should be completed FIRST?

A . Configuring reports
B . Configuring rule sets
C . Enabling detection points
D . Establishing exceptions workflow

Lösung einblenden Lösung ausblenden

Question #177

When conducting an audit of an organization’s use of AI in its customer service chatbots, an IS auditor should PRIMARILY focus on the:

A . Safeguarding of personal data processing by the AI system.
B . AI system’s compliance with industry security standards.
C . Speed and accuracy of chatbot responses to customer queries.
D . AI system’s ability to handle multiple customer queries at once.

Lösung einblenden Lösung ausblenden

Question #178

How would an IS auditor BEST determine the effectiveness of a security awareness program?

A . Review the results of social engineering tests.
B . Evaluate management survey results.
C . Interview employees to assess their security awareness.
D . Review security awareness training quiz results.

Lösung einblenden Lösung ausblenden

Question #179

Which of the following areas is MOST likely to be overlooked when implementing a new data classification process?

A . End-user computing (EUC) systems
B . Email attachments
C . Data sent to vendors
D . New system applications

Lösung einblenden Lösung ausblenden

Question #180

During a follow-up audit, it was found that a complex security vulnerability of low risk was not resolved within the agreed-upon timeframe. IT has stated that the system with the identified vulnerability is being replaced and is expected to be fully functional in two months.

Which of the following is the BEST course of action?

A . Require documentation that the finding will be addressed within the new system
B . Schedule a meeting to discuss the issue with senior management
C . Perform an ad hoc audit to determine if the vulnerability has been exploited
D . Recommend the finding be resolved prior to implementing the new system

Lösung einblenden Lösung ausblenden