exam questions

Exam CISA All Questions

View all questions & answers for the CISA exam

Exam CISA topic 1 question 31 discussion

Actual exam question from Isaca's CISA
Question #: 31
Topic #: 1
[All CISA Questions]

An IS auditor is reviewing processes for importing market price data from external data providers. Which of the following findings should the auditor consider
MOST critical?

  • A. The quality of the data is not monitored.
  • B. The transfer protocol does not require authentication.
  • C. Imported data is not disposed frequently.
  • D. The transfer protocol is not encrypted.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
frisbg
Highly Voted 1 year, 10 months ago
You are importing data from external market provider which makes it authentic source, data quality doesnt need to be monitored as it may only be one source. But transfer protocol should be encrypted both for confidentiality and integrity. Authentication may not even be needed maybe its open to everyone. Answer is clearly D, in all cases you need encryption
upvoted 7 times
...
Elikplim
Highly Voted 2 years, 6 months ago
I will go with A. If the quality is already compromised, encryption of the protocol will not be of any help.
upvoted 5 times
...
Ilation
Most Recent 4 weeks, 1 day ago
Selected Answer: B
Without authentication, an attacker can impersonate a legitimate data provider and send manipulated market prices. If authentication is missing, an attacker on the network could intercept the data transfer and insert fraudulent data.
upvoted 1 times
...
roxannebadenhorst
3 months, 1 week ago
Selected Answer: B
The most critical finding is that the transfer protocol does not require authentication. If the data import process lacks authentication, it opens the system to potential risks such as unauthorized access, data manipulation, or spoofed data submissions from untrusted sources. This compromises the integrity and authenticity of the imported market price data, which could have significant financial and operational consequences.
upvoted 1 times
yadavji12381
2 months, 2 weeks ago
Auditor is reviewing process of "importing market price data from external data providers", if authentication is not in place it will make the organisation import data from unauthorized sources, which is unnecessary and critical since it may get the wrong data. However, transfer of unencrypted data from authorised sources on the network is the most critical as it may compromise the confidentiality.
upvoted 1 times
...
...
Pumeza
4 months, 3 weeks ago
B FOR BRAVO
upvoted 2 times
...
Swallows
8 months, 3 weeks ago
Selected Answer: A
This is a key concern because if data quality is not monitored, there is a high chance that inaccurate data will enter the system and negatively impact decision-making.
upvoted 1 times
...
a84n
11 months, 1 week ago
Selected Answer: B
Answer: B
upvoted 1 times
a84n
11 months, 1 week ago
Sorry the correct answer is D
upvoted 1 times
...
...
5b56aae
11 months, 3 weeks ago
Selected Answer: B
my answer is B
upvoted 1 times
...
Swallows
12 months ago
Selected Answer: A
The answer is A. Market prices are not confidential information and need not be encrypted.
upvoted 3 times
...
echo_cert
1 year, 1 month ago
Selected Answer: B
The main consideration when relying on data from external source is authenticity of the source
upvoted 1 times
...
crowsaint
1 year, 1 month ago
Selected Answer: A
I Though A is answer. Data quality is most important. There is no need for low quality data. If the data is of a quality appropriate for your business level, you must decide whether to encrypt it or not. This question is about the data brought in.
upvoted 2 times
...
CISA2021
1 year, 2 months ago
Selected Answer: D
The question remark "MOST critical", so it has to be D) rather than A)
upvoted 2 times
...
r9m5
1 year, 6 months ago
Selected Answer: A
In practice, the answer should be A. A is related to the SLA with the vendor and therefore has a direct financial impact and legal impact if it is escalated to a dispute. For option B and D, the party baring the risks and costs is actually the vendor, and hence for the auditor's client, the most concerning finding should be A.
upvoted 2 times
...
cidigi
1 year, 7 months ago
this is public data available to anyone, why do they need to be encrypted?
upvoted 3 times
...
[Removed]
1 year, 10 months ago
Selected Answer: D
I though D is the answer. Am I wrong?
upvoted 2 times
...
saado9
2 years ago
B. The transfer protocol does not require authentication.
upvoted 3 times
...
Broesweelies
2 years, 1 month ago
Selected Answer: D
D is the correct answer.
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago