Comprehensive and Detailed Step-by-Step Explanation:
Thebest protectionfor a stolen laptop isfull disk encryption, which prevents unauthorized accesseven if the device is lost.
* Option A (Incorrect):Remote wipe capabilitiesare useful, but theyrequire an internet connectionto function, which is not always available when a device is stolen.
* Option B (Correct):Full disk encryption (FDE)ensures that data remainsunreadablewithout the correct decryption key,even if the hard drive is removed.
* Option C (Incorrect):User awarenessis helpful, but itdoes not physically securedata on a lost device.
* Option D (Incorrect):Password-protected filescan be bypassed by copying them to another system, making them an inadequate security measure.
Reference:ISACA CISA Review Manual -Domain 5: Protection of Information Assets- Coversencryption, data security, and endpoint protection.

Comprehensive and Detailed Step-by-Step Explanation:
Data collection and obtaining consentis themost critical regulatory requirementwhen using customer data for AI training, especially under laws likeGDPR, CCPA, and ISO 27701.
* Collection of Data and Obtaining Consent (Correct Answer - C)
* Ensures compliance withprivacy lawsthat require explicit customer consent.
* Example:UnderGDPR, companies mustinform usershow their data will be used and allow them toopt out.
* AI Algorithm Accuracy (Incorrect - A)
* Important formodel performancebutnot a primary legal concern.
* Ethical Use of Computing Resources (Incorrect - B)
* Ethical considerations are valuable butnot a regulatory priority.
* Continuous Monitoring of AI (Incorrect - D)
* Ensuresperformance, butregulatory compliance focuses on data privacy.
References:
* ISACA CISA Review Manual
* GDPR & CCPA Compliance Guidelines
* ISO 27701 (Privacy Information Management System)

A system electronic log is the most useful source of information for an IS auditor to review all access attempts to a video-monitored and proximity card-controlled communications room. A system electronic log can provide accurate and detailed records of the date, time, card number, and status (success or failure) of each access attempt. A system electronic log can also be easily searched, filtered, and analyzed by the auditor to identify any unauthorized or suspicious access attempts.
A manual sign-in and sign-out log is not as reliable or useful as a system electronic log, because it depends on the honesty and compliance of the users. A manual log can be easily manipulated, forged, or omitted by the users or intruders. A manual log also does not capture the status of each access attempt, and it can be difficult to verify the identity of the users based on their signatures.
An alarm system with CCTV is not as useful as a system electronic log, because it only captures the events that trigger the alarm, such as unauthorized or forced entry. An alarm system with CCTV does not provide a complete record of all access attempts, and it can be affected by factors such as camera angle, lighting, and resolution. An alarm system with CCTV also requires more time and effort to review the video footage by the auditor.
A security incident log is not as useful as a system electronic log, because it only records the incidents that are reported by the users or detected by the security staff. A security incident log does not provide a comprehensive record of all access attempts, and it can be incomplete or inaccurate depending on the reporting and detection mechanisms. A security incident log also does not capture the details of each access attempt, such as the card number and status.
References:
* ISACA CISA Review Manual 27th Edition (2019), page 247
* ISACA CISA Certified Information Systems Auditor Exam ... - PUPUWEB

The concept of materiality is most important for an IS auditor to apply when planning an audit engagement, because it helps the auditor to determine the scope, objectives, procedures and resources of the audit.
Materiality is the degree to which an omission or misstatement of information could affect the users' decisions or the achievement of the audit objectives. By applying the concept of materiality, the auditor can focus on the most significant and relevant areas of the audit and avoid wasting time and effort on trivial or immaterial matters. The other options are not as important as planning an audit engagement, because they are either based on or affected by the materiality assessment done during the planning phase. References:
* ISACA, CISA Review Manual, 27th Edition, chapter 1, section 1.31
* ISACA, IT Audit and Assurance Standards, Guidelines and Tools and Techniques for IS Audit and Assurance Professionals, section 12022