CISA 試験問題を無料オンラインアクセス

Which of the following is an IS auditor's MOST important step in a privacy audit?

• A.Review third-party agreements for adequate personally identifiable information (PII) protection measures.
• B.Assess the controls in place for data management.
• C.Determine whether privacy training is being conducted for employees.
• D.Analyze all stages of the personally identifiable information (PII) data life cycle to identify potential risks.

During an audit of a reciprocal disaster recovery agreement between two companies, the IS auditor would be MOST concerned with the:

• A.allocation of resources during an emergency.
• B.differences in IS policies and procedures.
• C.maintenance of hardware and software compatibility.
• D.frequency of system testing.

Which of the following would present the GREATEST risk within a release management process for a new application?

• A.A newly added program may overwrite existing production files.
• B.Procedures are not updated to coincide with the production release schedule.
• C.An identified bug was not resolved.
• D.Code is deployed to production without authorization.

An IS auditor performs a follow-up audit and learns the approach taken by the auditee to fix the findings differs from the agreed-upon approach confirmed during the last audit. Which of the following should be the auditor's NEXT course of action?

• A.Inform senior management of the change in approach.
• B.Conduct a risk analysis incorporating the change.
• C.Evaluate the appropriateness of the remedial action taken.
• D.Report results of the follow-up to the audit committee.

Which of the following should be the FRST step when developing a data toes prevention (DIP) solution for a large organization?

• A.Create the DLP pcJc.es and templates
• B.Identify approved data workflows across the enterprise.
• C.Conduct a data inventory and classification exercise
• D.Conduct a threat analysis against sensitive data usage.