Valid IIA-CIA-Part3 Dumps shared by EduDump.com for Helping Passing IIA-CIA-Part3 Exam! EduDump.com now offer the newest IIA-CIA-Part3 exam dumps, the EduDump.com IIA-CIA-Part3 exam questions have been updated and answers have been corrected get the newest EduDump.com IIA-CIA-Part3 dumps with Test Engine here:
An organization's IT systems can only be accessed using the organization's virtual private network. However, organizational emails, videoconferencing, and file-sharing tools are cloud-based and can be accessed using multi-factor authentication via any device. Which of the following risks should the organization acknowledge?
Correct Answer: A
Cloud-based applications accessible outside the VPN perimeter increase the possibility of data leakage through unapproved or unsecured applications (shadow IT). Even with multi-factor authentication, risks remain around the use of personal devices and uncontrolled storage or sharing. Option B is incorrect because VPNs are generally secure if configured correctly. Option C is misleading, as remote access controls can be effective in cloud solutions when properly designed. Option D (employees accessing emails after hours) is not a risk related to security but rather a work-life balance issue. Thus, the key risk is potential leakage of organizational data via unapproved or uncontrolled applications (Option A). Reference: IIA Global Technology Audit Guide (GTAG): Auditing Cloud Computing; IIA Standards - Standard 2110: Governance.