ExamGecko
Search Search Login
Home Home / IIA / IIA-CIA-Part3
Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

When executive compensation is based on the organization's financial results, which of the following situations is most likely to arise?
Which of the following contract concepts is typically given in exchange for the execution of a promise?
An internal auditor is reviewing key phases of a software development project. Which of the following would; the auditor most likely use to measure the project team's performance related to how project tasks are completed?
Which of the following statements is true regarding a project life cycle?
An internal auditor observed that the organization's disaster recovery solution will make use of a cold site in a town several miles away. Which of the following is likely to be a characteristic of this disaster recover/ solution?
An organization is considering outsourcing its IT services, and the internal auditor as assessing the related risks. The auditor grouped the related risks into three categories; - Risks specific to the organization itself. - Risks specific to the service provider. - Risks shared by both the organization and the service provider Which of the following risks should the auditor classify as specific to the service provider?
A newly appointed board member received an email that appeared to be from the company's CEO. The email stated: "Good morning. As you remember, the closure of projects is our top priority. Kindly organize prompt payment of the attached invoice for our new solar energy partners." The board member quickly replied to the email and asked under which project the expense should be accounted. Only then did he realize that the sender 's mail domain was different from the company's. Which of the following cybersecurity risks nearly occurred in the situation described?
An employee was promoted within the organization and relocated to a new office in a different building. A few months later, security personnel discovered that the employee's smart card was being used to access the building where she previously worked. Which of the following security controls could prevent such an incident from occurring?
Which of the following best describes the use of predictive analytics?
Which of the following characteristics applies to an organization that adopts a flat structure?

Question 10 - IIA-CIA-Part3 discussion

Report
Export

An organization decided to outsource its human resources function. As part of its process migration, the organization is implementing controls over sensitive employee data.

What would be the most appropriate directive control in this area?

A.
Require a Service Organization Controls (SOC) report from the service provider
Answers
A.
Require a Service Organization Controls (SOC) report from the service provider
B.
Include a data protection clause in the contract with the service provider.
Answers
B.
Include a data protection clause in the contract with the service provider.
C.
Obtain a nondisclosure agreement from each employee at the service provider who will handle sensitive data.
Answers
C.
Obtain a nondisclosure agreement from each employee at the service provider who will handle sensitive data.
D.
Encrypt the employees ' data before transmitting it to the service provider
Answers
D.
Encrypt the employees ' data before transmitting it to the service provider
Suggested answer: B
Show Answer
asked 18/09/2024
Brent Kehoe
34 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms