To mitigate the risk of exposing data through application programming interface (API) queries, which of the following design considerations is MOST important?

A. Data minimalization
B. Data quality
C. Data retention
D. Data integrity

Which of the following test approaches would utilize data analytics to test a dual approval payment control?

A. Review payments completed in the past month that do not have a unique approver.
B. Attempt to complete a payment without a secondary approval.
C. Review users within the payment application who are assigned an approver role.
D. Evaluate configuration settings for the secondary approval requirements.

When implementing a software product (middleware) to pass data between local area network (LAN) servers and the mainframe, the MOST critical control consideration is:

A. cross-platform authentication.
B. time synchronization of databases.
C. network traffic levels between platforms.
D. time-stamping of transactions to facilitate recovery.

Which of the following BEST helps to ensure data integrity across system interfaces?

A. Environment segregation
B. System backups
C. Reconciliations
D. Access controls

An IS audit concludes that entry to the computer room is appropriately controlled. The audit result provides assurance that:

A. the theft of hardware is prevented.
B. the confidentiality of data is protected.
C. data leakage is prevented.
D. unauthorized access is prevented.

Which of the following is the BEST control to protect an organization's sensitive data when using a publicly available cloud storage service?

A. Cryptographic hash function performed by the cloud vendor
B. Transparent volume encryption offered by the cloud vendor
C. Data encryption performed by the organization prior to uploading
D. Transport layer security (TLS) between the cloud vendor and the organization

When reviewing an organization's data protection practices, an IS auditor should be MOST concerned with a lack of:

A. a security team.
B. data classification.
C. training manuals.
D. data encryption.

An IS auditor is reviewing an organization's implementation of a bring your own device (BYOD) program. Which of following would be the BEST recommendation to help ensure sensitive data is protected if a device is in the possession of an unauthorized individual?

A. Enable the location service feature on devices.
B. Encrypt data on devices including storage media.
C. Authenticate device users when accessing the corporate network.
D. Enable remote wiping of critical data.

Which of the following would have the GREATEST impact on defining the classification levels for electronic documents?

A. Value of information
B. Volume of information
C. Document archival requirements
D. End user preferences

Which of the following would MOST effectively minimize the risk of unauthorized online banking customer transactions due to phishing?

A. A strong authentication mechanism
B. Clear audit trails
C. An intrusion prevention system (IPS)
D. A customer awareness program