Certified Information Systems Auditor (CISA) — Question 686

Which of the following is MOST important for an IS auditor to confirm when assessing the security of a new cloud-based IT application that is linked with the organization’s existing technology?

Answer options

• A. The application programming interfaces (APIs) are adequately secured.
• B. The on-premise database has adequate encryption at rest.
• C. The cloud provider shares an external audit report.
• D. The organization has a flat network structure.

Correct answer: A

Explanation

Confirming that the application programming interfaces (APIs) are adequately secured is crucial because they are often the points of integration and potential vulnerability between the cloud application and existing systems. While encryption of the on-premise database and external audit reports are important, they do not directly address the security of the cloud application's interfaces. A flat network structure is generally not a security best practice and does not pertain to the specific assessment of the new application.