Certified Information Systems Auditor (CISA) — Question 1163

Which of the following would be MOST helpful to an IS auditor performing a risk assessment of an application programming interface (API) that feeds credit scores from a well-known commercial credit agency into an organizational system?

Answer options

• A. A data dictionary of the transferred data
• B. A technical design document for the interface configuration
• C. The most recent audit report from the credit agency
• D. The approved business case for the API

Correct answer: B

Explanation

The technical design document for the interface configuration is crucial as it provides detailed insights into how the API operates and its security measures. While the other options may offer some relevant information, they do not provide the same level of detail regarding the API's architecture and potential vulnerabilities.