Which of the following are effective in detecting fraud because they have the capability to consider a large number of variables when trying to resolve a problem? Choose the BEST answer.
Correct Answer: B
Explanation/Reference: Neural networks are effective in detecting fraud because they have the capability to consider a large number of variables when trying to resolve a problem.
Question 787
What influences decisions regarding criticality of assets?
Correct Answer: C
Section: Protection of Information Assets Explanation: Criticality of assets is often influenced by the business criticality of the data to be protected and by the scope of the impact upon the organization as a whole. For example, the loss of a network backbone creates a much greater impact on the organization as a whole than the loss of data on a typical user's workstation.
Question 788
What is often assured through table link verification and reference checks?
Correct Answer: A
Section: Protection of Information Assets Explanation: Database integrity is most often ensured through table link verification and reference checks.
Question 789
Which of the following are used in a firewall to protect the entity's internal resources?
Correct Answer: C
Internet Protocol (IP) address restrictions are used in a firewall to protect the entity's internal resources by allowing or denying access to specific IP addresses or ranges of IP addresses based on predefined rules. Remote access servers, Secure Sockets Layers (SSLs), and failover services are not directly related to firewall protection, but rather to other aspects of network security, such as authentication, encryption, and availability. References: CISA Review Manual (Digital Version), Chapter 5: Protection of Information Assets, Section 5.2: Network Security Devices and Technologies
Question 790
Which of the following is the MOST important responsibility of data owners when implementing a data classification process?
Correct Answer: C
Explanation The most important responsibility of data owners when implementing a data classification process is determining appropriate user access levels (option C). This is because: Data owners are the persons or entities that have the authority and responsibility for the business processes and functions that collect, use, store, and dispose of data1. Data owners are accountable for ensuring that the data is handled in compliance with the applicable laws, regulations, policies, and standards, such as the GDPR and the PIPEDA1234. Data owners are in the best position to determine the purpose and necessity of collecting and retaining data, as well as the risks and benefits associated with it1. Data owners should consult with other stakeholders, such as the risk manager, the database administrator (DBA), and the privacy manager, to establish and implement appropriate data classification policies and procedures2. Data classification is the process of organizing data in groups based on their attributes and characteristics, and then assigning class labels that describe a set of attributes that hold true for the corresponding data sets345. Data classification helps organizations to identify, manage, protect, and understand their data, as well as to comply with modern data privacy regulations345. Data classification also helps to determine appropriate user access levels, which means defining who can access, modify, share, or delete data based on their roles, responsibilities, and needs345. Determining appropriate user access levels is the most important responsibility of data owners when implementing a data classification process, as it ensures that only authorized and legitimate users can access sensitive or important data. This provides confidentiality, integrity, availability, and accountability of data345. Reviewing emergency changes to data (option A), authorizing application code changes (option B), and implementing access rules over database tables (option D) are not the most important responsibilities of data owners when implementing a data classification process. These are more related to the operational aspects of data management, which are usually delegated to other roles, such as the DBA or the IT staff. The data owner should oversee and approve these activities, but not perform them directly1.
