
QUESTION 1

- (Exam Topic 1)
An organization conducted an exercise to test the security awareness level of users by sending an email offering a cash reward to those who click on a link embedded in the body of the email. Which of the following metrics BEST indicates the effectiveness of awareness training?

Correct Answer: D

QUESTION 2

- (Exam Topic 4)
Which of the following is MOST important to determine when conducting an audit of an organization's data privacy practices?

Correct Answer: D
The systems inventory containing personal data is a crucial element for auditing an organization’s data privacy practices. The systems inventory is a list of all the systems, applications, databases, and devices that collect, store, process, or transmit personal data within the organization. The systems inventory helps the auditor to identify the scope, location, ownership, and classification of personal data, as well as the risks and controls associated with them. The systems inventory also helps the auditor to verify compliance with data privacy laws, regulations, and internal policies that apply to different types of personal data.

QUESTION 3

- (Exam Topic 4)
Which of the following is the BEST source of information for examining the classification of new data?

Correct Answer: C

QUESTION 4

- (Exam Topic 4)
During a routine internal software licensing review, an IS auditor discovers instances where employees shared license keys to critical pieces of business software. Which of the following would be the auditor's BEST course of action?

Correct Answer: D

QUESTION 5

- (Exam Topic 4)
What should an IS auditor evaluate FIRST when reviewing an organization's response to new privacy legislation?

Correct Answer: D
This is according to ISACA's IS Auditing Guideline G14 on Privacy and Data Protection, which states that an IS auditor should first evaluate the organization's ability to identify and assess the systems that contain privacy components, and then review the adequacy of the operational plan for achieving compliance with the legislation.