Isaca CISA Practice Test - Questions Answers, Page 9

List of questions
Question 81

Which of the following is MOST important to ensure when planning a black box penetration test?
A black box penetration test is a type of security assessment that simulates an attack on a system or network without any prior knowledge of its configuration or architecture. The main objective of this test is to identify vulnerabilities and weaknesses that can be exploited by external or internal threat actors. To plan a black box penetration test, it is most important to ensure that the environment and penetration test scope have been determined. This means that the tester and the client organization have agreed on the boundaries, objectives, methods, and deliverables of the test, as well as the legal and ethical aspects of the engagement. Without a clear definition of the environment and scope, the test may not be effective, efficient, or compliant with relevant standards and regulations. Additionally, the tester may cause unintended damage or disruption to the client's systems or networks, or violate their privacy or security policies.
What are black box, grey box, and white box penetration testing?
What Is Black-Box Penetration Testing and Why Should You Choose It?
Question 82

Which of the following is the BEST method to safeguard data on an organization's laptop computers?
The best method to safeguard data on an organization's laptop computers is full disk encryption. Full disk encryption is a technique that encrypts all the data stored on a hard drive, including the operating system, applications, files, and folders. This means that if the laptop is lost, stolen, or accessed by an unauthorized person, they will not be able to read or modify any data without knowing the encryption key or password. Full disk encryption provides a strong level of protection for data at rest, as it prevents data leakage or exposure in case of physical theft or loss of the device.
How to Protect the Data on Your Laptop
6 Steps to Practice Strong Laptop Security
Question 83

An IS auditor is planning an audit of an organization's accounts payable processes. Which of the following controls is MOST important to assess in the audit?
The most important control to assess in an audit of an organization's accounts payable processes is segregation of duties between issuing purchase orders and making payments. Segregation of duties is a principle that requires different individuals or departments to perform different tasks or functions within a process, in order to prevent fraud, errors, or conflicts of interest. In the accounts payable process, segregation of duties between issuing purchase orders and making payments ensures that no one person can initiate and complete a transaction without proper authorization and verification. This reduces the risk of duplicate payments, overpayments, unauthorized payments, or payments to fictitious vendors.
Accounts payable controls
Accounts Payable Internal Controls: A Simple Checklist
Question 84

When evaluating the design of controls related to network monitoring, which of the following is MOST important for an IS auditor to review?
Network topology diagrams are the most important for an IS auditor to review when evaluating the design of controls related to network monitoring, because they show how the network components are connected and configured, and what security measures are in place to protect the network from unauthorized access or attacks. Incident monitoring logs, the ISP service level agreement, and reports of network traffic analysis are useful for evaluating the effectiveness and performance of network monitoring, but not the design of controls. Reference: CISA Review Manual (Digital Version), Chapter 5, Section 5.3.3
Question 85

An organization has recently acquired and implemented intelligent-agent software for granting loans to customers. During the post-implementation review, which of the following is the MOST important procedure for the IS auditor to perform?
Reviewing input and output control reports to verify the accuracy of the system decisions is the most important procedure for the IS auditor to perform during the post-implementation review of intelligent-agent software for granting loans to customers, because it can help identify any errors or anomalies in the system logic or data that may affect the quality and reliability of the system outcomes. Reviewing system and error logs, signed approvals, and system documentation are also important procedures, but they are not as critical as verifying the accuracy of the system decisions. Reference: CISA Review Manual (Digital Version), Chapter 4, Section 4.2.21
Question 86

What is the BEST control to address SQL injection vulnerabilities?
Input validation is the best control to address SQL injection vulnerabilities, because it can prevent malicious users from entering SQL commands or statements into input fields that are intended for data entry, such as usernames or passwords. SQL injection is a technique that exploits a security vulnerability in an application's software by inserting SQL code into a query string that can execute commands on a database server. Unicode translation, SSL encryption, and digital signatures are not effective controls against SQL injection, because they do not prevent or detect SQL code injection into input fields. Reference: CISA Review Manual (Digital Version), Chapter 5, Section 5.4.2
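The following is an added example, not part of the practice test or the CISA Review Manual, showing why input validation (together with parameterized queries) stops the injection described above. It assumes a constructed in-memory SQLite table of users; the vulnerable `login_vulnerable` function concatenates the input fields into the query string, while `login_hardened` first validates the username against an allow-list pattern and then binds both values as parameters so the database never parses them as SQL. Passwords are compared in plain text purely to keep the illustration short.

```python
import re
import sqlite3

# Constructed sample data for the example (not from the page).
SAMPLE_USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def build_db():
    """Create an in-memory SQLite database holding the constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, username, password):
    """Flawed pattern: input fields are pasted into the SQL text, so any quote
    or operator typed into the field becomes part of the statement."""
    query = (
        "SELECT COUNT(*) FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone()[0] > 0


# Input validation rule: usernames are 3-32 letters, digits or underscores.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,32}")


def validate_username(username):
    """Return True only if the username matches the allow-list pattern."""
    return USERNAME_RE.fullmatch(username) is not None


def login_hardened(conn, username, password):
    """Validated input plus a parameterized query: the driver binds the values,
    so characters in them can never change the structure of the statement."""
    if not validate_username(username):
        return False
    row = conn.execute(
        "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] > 0


if __name__ == "__main__":
    db = build_db()
    # A legitimate login succeeds either way.
    print("vulnerable, good creds:", login_vulnerable(db, "alice", "s3cret"))
    print("hardened, good creds:  ", login_hardened(db, "alice", "s3cret"))
    # The classic quote-and-OR string in the password field turns the
    # concatenated WHERE clause into one that is always true.
    print("vulnerable, injected:  ", login_vulnerable(db, "nobody", "' OR '1'='1"))
    print("hardened, injected:    ", login_hardened(db, "nobody", "' OR '1'='1"))
```

The validation step alone would not protect the password field (a password may legitimately contain quotes), which is why the hardened version also parameterizes the query; the auditor's point in the answer is that the control must sit where untrusted data enters the application, not in transport encryption or signatures.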
Question 87

An online retailer is receiving customer complaints about receiving different items from what they ordered on the organization's website. The root cause has been traced to poor data quality. Despite efforts to clean erroneous data from the system, multiple data quality issues continue to occur. Which of the following recommendations would be the BEST way to reduce the likelihood of future occurrences?
Implementing business rules to validate employee data entry is the best way to reduce the likelihood of future occurrences of poor data quality that cause customer complaints about receiving different items from what they ordered on the organization's website. Business rules are logical statements that define the conditions and actions for data validation, such as checking for data completeness, accuracy, consistency, and integrity. Assigning responsibility for improving data quality, investing in additional employee training for data entry, and outsourcing data cleansing activities to reliable third parties are also possible ways to improve data quality, but they are not as effective as implementing business rules to validate employee data entry. Reference: CISA Review Manual (Digital Version), Chapter 4, Section 4.3.1
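As an added example (not from the practice test), the four kinds of business rule named in the answer, completeness, accuracy, consistency and integrity, applied to order lines as an employee enters them. The product catalogue and the order lines are constructed sample data; a real implementation would check against the retailer's master data, but the shape of the rules is the same.

```python
# Constructed product catalogue standing in for the retailer's master data.
CATALOGUE = {
    "SKU-1001": {"name": "Blue mug", "unit_price": 7.50},
    "SKU-1002": {"name": "Red mug", "unit_price": 7.50},
    "SKU-2001": {"name": "Desk lamp", "unit_price": 24.00},
}

REQUIRED_FIELDS = ("order_id", "sku", "quantity", "unit_price", "line_total")


def _number(value):
    """Convert an entered value to float, or return None if it is not numeric."""
    try:
        return float(value)
    except (TypeError, ValueError):
        return None


def validate_order_line(line):
    """Apply the business rules to one entered order line.

    Returns a list of (rule, message) violations; an empty list means the line
    may be accepted into the order system."""
    violations = []

    # Completeness: every required field is present and non-empty.
    missing = [f for f in REQUIRED_FIELDS if line.get(f) in (None, "")]
    if missing:
        violations.append(("completeness", "missing fields: " + ", ".join(missing)))
        return violations  # the remaining rules need these fields

    # Accuracy: the SKU must exist in master data (a typo here is exactly how
    # a customer ends up receiving the wrong item).
    product = CATALOGUE.get(line["sku"])
    if product is None:
        violations.append(("accuracy", "unknown SKU %r" % line["sku"]))

    # Integrity: quantity is a positive whole number.
    qty = line["quantity"]
    if isinstance(qty, bool) or not isinstance(qty, int) or qty <= 0:
        violations.append(("integrity", "quantity must be a positive integer"))
        qty = None

    # Consistency: the entered price matches master data and the line total
    # equals quantity times unit price.
    price = _number(line["unit_price"])
    total = _number(line["line_total"])
    if price is None or total is None:
        violations.append(("integrity", "unit_price and line_total must be numeric"))
    else:
        if product is not None and abs(price - product["unit_price"]) > 0.005:
            violations.append(("consistency", "unit price differs from catalogue"))
        if qty is not None and abs(total - qty * price) > 0.005:
            violations.append(("consistency", "line total is not quantity x unit price"))
    return violations


def screen_order_lines(lines):
    """Split entered lines into accepted ones and rejected ones with reasons."""
    accepted, rejected = [], []
    for line in lines:
        problems = validate_order_line(line)
        if problems:
            rejected.append((line, problems))
        else:
            accepted.append(line)
    return accepted, rejected


if __name__ == "__main__":
    # Constructed entries: one clean, one with a mistyped SKU, one with a
    # price copied from the wrong product, one half-filled.
    entered = [
        {"order_id": "O-1", "sku": "SKU-1001", "quantity": 2, "unit_price": 7.50, "line_total": 15.00},
        {"order_id": "O-1", "sku": "SKU-1003", "quantity": 1, "unit_price": 7.50, "line_total": 7.50},
        {"order_id": "O-2", "sku": "SKU-2001", "quantity": 1, "unit_price": 7.50, "line_total": 7.50},
        {"order_id": "O-3", "sku": "SKU-1001"},
    ]
    ok, bad = screen_order_lines(entered)
    print("accepted:", len(ok))
    for line, problems in bad:
        print("rejected", line["order_id"], line.get("sku"), problems)
```

Rejecting the line at entry time, with the rule that failed, is what makes this more durable than after-the-fact cleansing: the erroneous record never reaches fulfilment, and the rejection reasons give management a record of which entry errors recur.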
Question 88

Which of the following components of a risk assessment is MOST helpful to management in determining the level of risk mitigation to apply?
Question 89

Which of the following would BEST facilitate the successful implementation of an IT-related framework?
Question 90

During a review of a production schedule, an IS auditor observes that a staff member is not complying with mandatory operational procedures. The auditor's NEXT step should be to:
Question