To mitigate the risk of exposing data through application programming interface (API) queries, which of the following design considerations is
Correct Answer: D
Question 207
Which of the following is MOST critical to include when developing a data loss prevention (DLP) policy?
Correct Answer: B
Question 208
Which of the following is the PRIMARY objective of implementing privacy-related controls within an organization?
Correct Answer: B
Explanation: The primary objective of implementing privacy-related controls within an organization is to comply with legal and regulatory requirements that protect the rights and interests of individuals whose personal data are collected, processed, stored, shared or disposed of by the organization. Privacy-related controls are based on principles such as lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality and accountability. These principles aim to ensure that personal data are processed in a manner that respects the privacy of individuals and complies with the applicable laws and regulations in different jurisdictions. Preventing confidential data loss, identifying data at rest and data in transit for encryption, and providing options to individuals regarding use of their data are examples of specific privacy-related controls that support the primary objective of compliance.
References: Privacy Regulatory Lookup Tool, CDPSE Official Review Manual, 2nd Edition
Question 209
Which of the following is MOST important when planning a network audit?
Correct Answer: D
Question 210
Which of the following would be the MOST significant audit finding when reviewing a point-of-sale (POS) system?
Correct Answer: D
It is important for the IS auditor to determine if any credit card information is stored on the local point-of-sale (POS) system. Any such information, if stored, should be encrypted or protected by other means to avoid the possibility of unauthorized disclosure. Manually inputting sales invoices into the accounting application is an operational issue; if the POS system were interfaced with the financial accounting application, the overall efficiency could be improved. The nonavailability of optical scanners to read bar codes of the products and power outages are operational issues.