Instant Access ISACA.CISA.v2025-04-26.q652 Actual Practice Test Engine for Free (Page 21)

Question 96

As part of a recent business-critical initiative, an organization is re- purposing its customer dat a. However, its customers are unaware that their data is being used for another purpose. What is the BEST recommendation to address the associated data privacy risk to the organization?

A.Adjust the existing data retention requirements.
B.Ensure the data processing activity remains onshore.
C.Obtain customer consent for secondary use of the data.
D.Maintain an audit trail of the data analysis activity

Question 97

An IS auditor observed that most users do not comply with physical access controls. The business manager has explained that the control design is inefficient. What is the auditor's BEST course of action?

A.Recommend changing the access control process to increase efficiency.
B.Identify the impact of control failure and report the finding with a risk rating.
C.Redesign and retest the physical access control.
D.Work with management to design and implement a better control.

Question 98

Which of the following is the BEST way to address segregation of duties issues in an organization with budget constraints?

A.Perform an independent audit.
B.Rotate rob duties periodically
C.Hire temporary staff.
D.Implement compensating controls

Question 99

Vendors have released patches fixing security flaws in their software. Which of the following should an IS auditor recommend in this situation?

A.Assess the impact of patches prior to installation.
B.Ask the vendors for a new software version with all fixes included.
C.install the security patch immediately.
D.Decline to deal with these vendors in the future.

Question 100

.Mitigating the risk and impact of a disaster or business interruption usually takes priority over transference of risk to a third party such as an insurer. True or false?

A.True
B.False

Question 96

Question 97

Question 98

Question 99

Question 100

Download PDF File