CISA—Certified Information Systems Auditor - Part 385

1. Which of the following would BEST help to support an auditor's conclusion about the effectiveness of an implemented data classification program?

A) Detailed data classification scheme
B) Access rights provisioned according to scheme
C) Business use cases and scenarios
D) Purchase of information management tools



2. An organization is considering using production data for testing a new application's functionality. Which of the following data protection techniques would BEST ensure that personal data cannot be inadvertently recovered in test environments while also reducing the need for strict confidentiality of the data?

A) Data anonymization
B) Data minimization
C) Data normalization
D) Data encryption



3. Disaster recovery planning for network connectivity to a hot site over a public-switched network would be MOST likely to include:

A) minimizing the number of points of presence
B) contracts for acquiring new leased lines
C) reciprocal agreements with customers of that network
D) redirecting private virtual circuits



4. Which of the following privacy principles ensures data controllers do not use personal data unintended ways that breach protection of data subjects?

A) Data retention
B) Adequacy
C) Accuracy
D) Purpose limitation



5. An organization's software develops need access to personally identifiable information (PII) stored in a particular data format. Which of the following would be theBEST way to protect this sensitive information while allowing the developers to use it in development and test environments?

A) Data masking
B) Data encryption
C) Data tokenization
D) Data abstraction