ISC Deck 3 multi-unit

Question 1

What is the SOC 1 criteria?

Answer 1

The auditor familiarizes herself with the CONTROL OBJECTIVES relevant to financial recording.

Question 2

What is the SOC 2 criteria?

Answer 2

The auditor studies the Trust Services Criteria for security, availability, processing integrity, confidentiality, and privacy.

Question 3

If an examination has a SCOPE limitation and effects are MATERIAL and PERVASIVE, what type of opinion is given?

Answer 3

Disclaimer

Question 4

If an examination has a SCOPE limitation and effects are MATERIAL but NOT PERVASIVE, what type of opinion is given?

Answer 4

Qualified

Question 5

If an examination has NO material or scope limitations, what type of opinion is given?

Answer 5

Unqualified (Clean)

Question 6

If an examination has misstatements that are BOTH MATERIAL and PERVASIVE, what type of opinion is given?

Answer 6

Adverse

Question 7

The primary reason to establish internal control is to

Answer 7

Provide reasonable assurance that the objectives of the organization are achieved

Question 8

What do the objectives of internal control involve?

Answer 8

1) Safeguarding assets
2) Promoting reliable financial reporting
3) Ensuring efficient operations
4) Encouraging employees to follow entity policy

Question 9

What does the circle symbol represent in a business process flowchart?

Answer 9

Circles in a business process flowchart are sometimes used to denote connectors, especially when a flowchart is split over multiple pages

Question 10

What does the diamond symbol represent in a business process flowchart?

Answer 10

Decision points are represented by diamonds.

Question 11

What does the parallelogram symbol represent in a business process flowchart?

Answer 11

Input or output points are represented by parallelograms.

Question 12

What does the oval symbol represent in a business process flowchart?

Answer 12

The start or end of a process is denoted by an oval symbol.

Question 13

What are the 4 attributes of suitable criteria used to evaluate controls for a SOC engagement as per the attestation standards?

Answer 13

1) Objectivity: The criteria are free from bias
2) Completeness: The criteria are complete when they do not omit relevant factors.
3) Relevance: The criteria are relevant to the system being evaluated.
4) Measurability: The criteria permit reasonably consistent measurements, qualitative or quantitative of the information.

Question 14

What is a principle of GDPR associated with controlling data?

Answer 14

Accountability

Question 15

What are the 18 controls of version 8 of CIS? Unit 6.6

Question 16

The 3 GDPR objectives are:

Answer 16

1) Est. of rules relating to the protection of natural persons with regards to processing personal data.
2) second objective is the protection of the fundamental rights and freedoms of natural persons and their right to the protection of their personal data
3)The third objective ensures the free movement of personal data within the EU.

DOES NOT restrict movement of personal data outside the EU

Question 17

Which of the following PCI DSS requirements states that network security controls must be defined, understood, and controlled?

Answer 17

Install & maintain network & systems

Question 18

What type of approach does the NIST Privacy Framework employ to ensure that it is adaptable to the needs of organizations and flexible enough to address emerging privacy concerns?

Answer 18

Risk based and outcome based approach

Question 19

Which of the following NIST Privacy Framework Core functions focuses on understanding organizational risk tolerance?

Answer 19

Protect-P

Question 20

What is the role of the project manager during the assessment phase of the change control process?

Answer 20

Determining if the change request is approved or denied

Question 21

Which organizational responsibility defined in NIST SP 800-53 includes the consideration of continuous monitoring of information systems to determine ongoing effectiveness of controls, changes in information systems, and the state of security organization-wide?

Answer 21

Management of security & privacy risk

Question 22

What are the 6 principles of COBIT 2019 governance framework?

Answer 22

1) Meet stakeholder needs
2) Holistic approach
3)Dynamic governance system
4) Distince governance from mgmt
5) Tailored to enterprise needs
6) End-to-end governance system

Question 23

When must an HIPAA covered entity disclose protected health info?

Answer 23

1) to individuals or their personal reps specifically when they request access to or an accounting of disclosure of thier PHI
2) to Health & Human Services when it is undertaking a compliance investigation or review or enforcement action.

Question 24

Which of the following has similar procedures to a SOC 3 engagement?

Answer 24

A SOC examination only

Question 25

Which of the following is included in a SOC 3 engagement?

Answer 25

An assertion by the service organization management

Question 26

What is system-centric modeling?

Answer 26

It is a threat modeling framework that centers on understanding the system being modeled before evaluating threats against it.