Free Access to ISACA.CISA.v2024-03-31.q980 with Valid Practice Test (Page 192)

Question 951

Which of the following BEST protects evidence in a forensic investigation?

A.imaging the affected system
B.Powering down the affected system
C.Protecting the hardware of the affected system
D.Rebooting the affected system

Question 952

An organization's software developers need access to personally identifiable information (Pll) stored in a particular data format. Which of the following is the BEST way to protect this sensitive information while allowing the developers to use it in development and test environments?

A.Data masking
B.Data tokenization
C.Data encryption
D.Data abstraction

Correct Answer: A

Explanation
The best way to protect sensitive information such as personally identifiable information (PII) stored in a particular data format while allowing the software developers to use it in development and test environments is data masking. Data masking is a technique that replaces or obscures sensitive data elements with fictitious or modified data elements that retain the original format and characteristics of the data. Data masking can help protect sensitive information such as PII stored in a particular data format while allowing the software developers to use it in development and test environments by preventing the exposure or disclosure of the real data values without affecting the functionality or performance of the software or application. The other options are not as effective as data masking in protecting sensitive information such as PII stored in a particular data format while allowing the software developers to use it in development and test environments, as they have different limitations or drawbacks. Data tokenization is a technique that replaces sensitive data elements with non-sensitive tokens that have no intrinsic value or meaning. Data tokenization can protect sensitive information such as PII from unauthorized access or theft, but it may not retain the original format and characteristics of the data, which may affect the functionality or performance of the software or application.
Data encryption is a technique that transforms sensitive data elements into unreadable or unintelligible ciphertext using an algorithm and a key. Data encryption can protect sensitive information such as PII from unauthorized access or modification, but it requires decryption to restore the original data values, which may introduce additional complexity or overhead to the software development process. Data abstraction is a technique that hides the details or complexity of data structures or operations from users or programmers by providing a simplified representation or interface. Data abstraction can help improve the usability or maintainability of software or applications, but it does not protect sensitive information such as PII from exposure or disclosure. References: CISA Review Manual (Digital Version), Chapter 5, Section 5.3.2

Question 953

Which of the following responsibilities of an organization's quality assurance (QA) function should raise concern for an IS auditor?

A.Ensuring standards are adhered to within the development process
B.Ensuring the test work supports observations
C.Updating development methodology
D.Implementing solutions to correct defects

Question 954

Everything not explicitly permitted is forbidden has which of the following kinds of tradeoff?

A.it improves security at a cost in functionality.
B.it improves functionality at a cost in security.
C.it improves security at a cost in system performance.
D.it improves performance at a cost in functionality.
E.None of the choices.

Question 955

When performing an audit of a client relationship management (CRM) system migration project, which of the following should be of GREATEST concern to an IS auditor?

A.The technical migration is planned for a Friday preceding a long weekend, and the time window is too short for completing all tasks.
B.Employees pilot-testing the system are concerned that the data representation in the new system is completely different from the old system.
C.A single implementation is planned, immediately decommissioning the legacy system.
D.Five weeks prior to the target date, there are still numerous defects in the printing functionality of the new system's software.

Question 951

Question 952

Question 953

Question 954

Question 955

Download PDF File