Certified Information Systems Auditor (CISA) — Question 75
Which of the following is the MOST reliable way for an IS auditor to evaluate the operational effectiveness of an organization's data loss prevention (DLP) controls?
Answer options
- A. Conduct interviews to identify possible data protection vulnerabilities.
- B. Verify that confidential files cannot be transmitted to a personal USB device.
- C. Verify that current DLP software is installed on all computer systems.
- D. Review data classification levels based on industry best practice.
Correct answer: B
Explanation
The correct answer, B, is the most reliable because it directly tests the DLP controls' primary function of preventing unauthorized data transfer. While A, C, and D provide useful information about the DLP program, they do not directly measure the effectiveness of the controls in preventing data loss.