Which of the following is the MOST reliable way for an IS auditor to evaluate the operational effectiveness of an organization's data loss prevention (DLP) controls?
Correct Answer: C
Section: Protection of Information Assets
Question 517
An organization has replaced all of the storage devices at its primary data center with new higher-capacity units. The replaced devices have been installed at the disaster recovery site to replace older units. An IS auditor's PRIMARY concern would be whether
Correct Answer: A
Explanation: An IS auditor's primary concern would be whether the recovery site devices can handle the storage requirements. The storage requirements are determined by the amount and type of data that needs to be backed up and restored in case of a disaster at the primary data center. The recovery site devices should have enough capacity, performance, reliability, and compatibility to meet these requirements. If the recovery site devices cannot handle the storage requirements, then there is a risk that some data may not be backed up properly or may not be available for recovery when needed. This could result in data loss, corruption, or inconsistency, which could affect the business continuity and integrity of the organization. Therefore, an IS auditor should verify that:
- The recovery site devices have sufficient storage space to accommodate all the data that needs to be backed up from the primary data center.
- The recovery site devices have adequate bandwidth and speed to transfer and access data efficiently and effectively.
- The recovery site devices have appropriate security features and controls to protect data from unauthorized access or modification.
- The recovery site devices are compatible with the primary data center devices in terms of hardware, software, format, and protocol.
Question 518
Which of the following entities is BEST suited to define the data classification levels within an organization?
Correct Answer: C
Section: Information System Operations, Maintenance and Support
Question 519
A web application is developed in-house by an organization. Which of the following would provide the BEST evidence to an IS auditor that the application is secure from external attack?
Correct Answer: A
Section: Information System Acquisition, Development and Implementation
Question 520
An IS auditor notes that nightly batch processing is frequently incomplete for an application. The auditor should FIRST review controls over which of the following?