CISA Certified Information Systems Auditor – Question3108

Which of the following functions should be performed by the application owners to ensure an adequate segregation of duties between IS and end users?

A. System analysis
B. Authorization of access to data
C. Application programming
D. Data administration

Correct Answer: B

Explanation:
The application owner is responsible for authorizing access to data. Application development and programming are functions of the IS department. Similarly, system analysis should be performed by qualified persons in IS who have knowledge of IS and user requirements. Data administration is a specialized function related to database management systems and should be performed by qualified database administrators.

CISA Certified Information Systems Auditor – Question3107

Which of the following is the MOST important control to help minimize the risk of data leakage from calls made to a business-to-business application programming interface (API)?

A. Providing API security awareness training to developers
B. Deploying content inspection at the API gateway
C. Implementing API server clusters
D. Implementing an API versioning system

Correct Answer: B

CISA Certified Information Systems Auditor – Question3103

Which of the following is an advantage of using electronic data interchange (EDI)?

A. Contracts with the vendors are simplified.
B. Transcription of information is reduced.
C. Data validation is provided by the service provider.
D. Multiple inputs of the same document are allowed at different locations.

Correct Answer: B

CISA Certified Information Systems Auditor – Question3101

Buffer overflow in an Internet environment is of particular concern to the IS auditor because it can:

A. corrupt databases during the build.
B. be used to obtain improper access to a system.
C. cause the loss of critical data during processing.
D. cause printers to lose some of the document text when printing.

Correct Answer: B

CISA Certified Information Systems Auditor – Question3100

Which of the following presents the GREATEST security risk to an organization using peer-to-peer (P2P) file-sharing networks?

A. There is no audit trail for files residing outside of the organization.
B. IP addresses are shared to create a connection.
C. Penetration testing cannot identify issues with P2P file-sharing networks.
D. Controls are difficult to apply to unstructured networks.

Correct Answer: D

CISA Certified Information Systems Auditor – Question3099

Which of the following is the safest means of transmitting confidential information over the Internet?

A. Send the data to a trusted third party to resend to the destination.
B. Use asymmetric encryption and encrypt the data with a private key.
C. Establish a virtual private network (VPN) between the source and the destination.
D. Break the data into many packets and send it over different routes.

Correct Answer: C