Isaca Updated CISA Exam Questions and Answers by daniela

An organization relies on an external vendor that uses a cloud-based Software as a Service (SaaS) model to back up its data. SaaS is a model in which the software is centrally hosted and accessed by the user via a web browser using the internet1. The vendor owns and maintains the software and the data, and the organization pays for the use of the service on a subscription or usage basis1. The greatest risk to the organization related to data backup and retrieval is that the vendor may be unable to restore critical data.

Data backup and retrieval are essential processes for ensuring the availability, integrity, and security of data in case of loss, corruption, or damage2. Data backup is the process of creating and storing copies of data in a separate location from the original data2. Data retrieval is the process of accessing and restoring the backed-up data when needed2. Critical data are data that are vital for the operation, continuity, and recovery of the organization3.

If the vendor is unable to restore critical data, the organization may face severe consequences, such as:

Business disruption: The organization may not be able to perform its core functions, deliver its products or services, or meet its customer or stakeholder expectations3.

Revenue loss: The organization may lose income, market share, or competitive advantage due to reduced sales, customer dissatisfaction, or reputation damage3.

Legal liability: The organization may face lawsuits, fines, or penalties for breaching contractual, regulatory, or statutory obligations related to data protection, privacy, or security3.

Recovery cost: The organization may incur additional expenses for repairing or replacing the lost or corrupted data, restoring the system functionality, or compensating the affected parties3.

The other options are not as great as the vendor’s inability to restore critical data. The organization may be locked into an unfavorable contract with the vendor, which may limit its flexibility, control, or choice over the service quality, cost, or duration4. However, this risk can be mitigated by negotiating better terms and conditions, reviewing the contract periodically, or switching to another vendor if possible4. The vendor may be unable to restore data by recovery time objective (RTO) requirements, which are the maximum acceptable time frames for restoring data after a disruption5. However, this risk can be reduced by setting realistic and achievable RTOs, monitoring the vendor’s performance, or implementing alternative recovery strategies if needed5. The organization may not be allowed to inspect the vendor’s data center, which may limit its visibility, transparency, or assurance over the service provider’s infrastructure, security, or compliance. However, this risk can be overcome by requesting third-party audits, certifications, or reports from the vendor that demonstrate their adherence to industry standards and best practices. Therefore, option B is the correct answer.

Sending a copy of the transaction logs to offsite storage on a daily basis would minimize the risk of losing transactions as a result of a disaster. This is because offsite storage provides a backup of the data that can be recovered in case of a catastrophic event that destroys or damages the onsite data. Storing a copy of the transaction logs onsite in a fireproof vault (B) would not protect the data from other types of disasters, such as floods, earthquakes, or theft. Encrypting © or signing (D) a copy of the transaction logs and storing them on a local server would not prevent the loss of data if the server is affected by the disaster. Encryption and digital signatures are security measures that protect the confidentiality and integrity of the data, but not the availability.

Given the large volume of data transactions, continuous monitoring is the best testing strategy for auditing the inventory control process. Continuous monitoring involves the automated review of operational and financial data to identify anomalies or areas of concern12. This approach allows for real-time identification and resolution of issues, making it particularly effective for large organizations with high transaction volumes12.

The most effective method for detecting the presence of an unauthorized wireless access point on an internal network is A. Continuous network monitoring. This is because continuous network monitoring can capture and analyze all the wireless traffic in the network and identify any rogue or spoofed devices that may be connected to the network without authorization. Continuous network monitoring can also alert the system administrator of any suspicious or anomalous activities on the network and help to locate and remove the unauthorized wireless access point quickly.

Periodic network vulnerability assessments (B) can also help to detect unauthorized wireless access points, but they are not as effective as continuous network monitoring, because they are performed at fixed intervals and may miss some devices that are added or removed between the assessments. Review of electronic access logs © can provide some information about the devices that access the network, but they may not be able to detect devices that use fake or stolen credentials or devices that do not generate any logs. Physical security reviews (D) can help to prevent unauthorized physical access to the network ports or devices, but they may not be able to detect wireless access points that are hidden or disguised as legitimate devices.