CISA Exam Dumps - Certified Information Systems Auditor

AWeb Application Firewall (WAF) (A) is the best control to mitigate SQL injection attacks because it can detect and block malicious SQL queries before they reach the application.WAFs analyze incoming requests, filter SQL injection attempts, and provide an additional layer of security for web applications.

Other options:

SQL server hardening (B)improves security but does not specifically address SQL injection.

Patch management (C)is necessary but does not provide immediate protection against new SQL injection attacks.

Physical controls (D)are unrelated to application-layer threats like SQL injection.

Comprehensive and Detailed Step-by-Step Explanation:

AnIT strategymust bealigned with business objectives, not solely based onmarket trends.

Strategic IT Goals Derived Solely from Market Trends (Correct Answer – D)

IT strategy should supportorganizational goals, not justfollow industry trends.

Example:A company investing inAIjust because it’strendy, without considering business needs.

Previous Year’s IT Goals Not Achieved (Incorrect – A)

A concern, butdoes not indicate a fundamental strategy flaw.

Target Architecture Defined at a Technical Level (Incorrect – B)

Technical details are important for implementation.

Financial Estimates Included (Incorrect – C)

Cost transparency is agood practice.

References:

ISACA CISA Review Manual

COBIT 2019 (IT Governance)

Comprehensive and Detailed Step-by-Step Explanation:

Theprimary concernwhen auditing an AI-powered chatbot is ensuring thesafeguarding of personal datato comply with privacy regulations such asGDPR, CCPA, and ISO 27701. AI chatbots process customer inquiries, often handling sensitive personal data.

Safeguarding of Personal Data (Correct Answer – A)

Ensures compliance with data protection laws.

Reduces the risk of unauthorized access or data leakage.

Example:An AI chatbot collecting customer financial information must follow encryption and access control policies.

Compliance with Industry Standards (Incorrect – B)

Important, but protecting customer data takes priority over general compliance.

Speed and Accuracy of Chatbot Responses (Incorrect – C)

A performance metric, but not a primary audit focus.

AI’s Ability to Handle Multiple Queries (Incorrect – D)

Efficiency metric, but does not address security risks.

References:

ISACA CISA Review Manual

ISO 27701 (Privacy Information Management System)

GDPR & CCPA Compliance Guidelines