Exam CISA All QuestionsBrowse all questions from this exam
Question 31

An IS auditor is reviewing processes for importing market price data from external data providers. Which of the following findings should the auditor consider

MOST critical?

    Correct Answer: D

    When reviewing processes for importing market price data from external data providers, the most critical issue is that the transfer protocol is not encrypted. Encryption is essential to ensure the confidentiality and integrity of the data being transferred. Without encryption, the data could be intercepted and potentially altered or misused, leading to significant risks. While data quality and other considerations are important, they become secondary if the data can be compromised during transfer.

Discussion
frisbgOption: D

You are importing data from external market provider which makes it authentic source, data quality doesnt need to be monitored as it may only be one source. But transfer protocol should be encrypted both for confidentiality and integrity. Authentication may not even be needed maybe its open to everyone. Answer is clearly D, in all cases you need encryption

ElikplimOption: A

I will go with A. If the quality is already compromised, encryption of the protocol will not be of any help.

BroesweeliesOption: D

D is the correct answer.

cidigi

this is public data available to anyone, why do they need to be encrypted?

saado9Option: B

B. The transfer protocol does not require authentication.

StaanleeOption: A

I believe A is the right answer. Market price data is public information and not sensitive. Therefore, the quality of data is important.

maderon

I cannot be A. I am debating between B and D.

saado9

B. The transfer protocol does not require authentication.

SwallowsOption: A

The answer is A. Market prices are not confidential information and need not be encrypted.

crowsaintOption: A

I Though A is answer. Data quality is most important. There is no need for low quality data. If the data is of a quality appropriate for your business level, you must decide whether to encrypt it or not. This question is about the data brought in.

CISA2021Option: D

The question remark "MOST critical", so it has to be D) rather than A)

r9m5Option: A

In practice, the answer should be A. A is related to the SLA with the vendor and therefore has a direct financial impact and legal impact if it is escalated to a dispute. For option B and D, the party baring the risks and costs is actually the vendor, and hence for the auditor's client, the most concerning finding should be A.

[Removed]Option: D

I though D is the answer. Am I wrong?

SwallowsOption: A

This is a key concern because if data quality is not monitored, there is a high chance that inaccurate data will enter the system and negatively impact decision-making.

a84nOption: B

Answer: B

a84n

Sorry the correct answer is D

5b56aaeOption: B

my answer is B

echo_certOption: B

The main consideration when relying on data from external source is authenticity of the source

test5y7kq

Too much assumptions to deduce from these CISA-esque questions.