Exam CISA topic 1 question 31 discussion

You are importing data from external market provider which makes it authentic source, data quality doesnt need to be monitored as it may only be one source. But transfer protocol should be encrypted both for confidentiality and integrity. Authentication may not even be needed maybe its open to everyone. Answer is clearly D, in all cases you need encryption

I will go with A. If the quality is already compromised, encryption of the protocol will not be of any help.

B FOR BRAVO

This is a key concern because if data quality is not monitored, there is a high chance that inaccurate data will enter the system and negatively impact decision-making.

Answer: B

my answer is B

The answer is A. Market prices are not confidential information and need not be encrypted.

The main consideration when relying on data from external source is authenticity of the source

I Though A is answer. Data quality is most important. There is no need for low quality data. If the data is of a quality appropriate for your business level, you must decide whether to encrypt it or not. This question is about the data brought in.

The question remark "MOST critical", so it has to be D) rather than A)

In practice, the answer should be A. A is related to the SLA with the vendor and therefore has a direct financial impact and legal impact if it is escalated to a dispute. For option B and D, the party baring the risks and costs is actually the vendor, and hence for the auditor's client, the most concerning finding should be A.

this is public data available to anyone, why do they need to be encrypted?

I though D is the answer. Am I wrong?

B. The transfer protocol does not require authentication.

D is the correct answer.

Too much assumptions to deduce from these CISA-esque questions.

I believe A is the right answer. Market price data is public information and not sensitive. Therefore, the quality of data is important.