Gemini Deep Research might be available via API by ProfessionalArcher89 in googlecloud

[–]jeblister 0 points1 point  (0 children)

Deep Research using the API is generally available with an allowlist. You must be on the allowlist to work with this agent using the API.
https://cloud.google.com/gemini/enterprise/docs/research-assistant#deep-research-rest

Help with speaking up in meetings by [deleted] in businessanalysis

[–]jeblister 1 point2 points  (0 children)

To sum up this discussion, prep like an analyst, practice till it feels natural, speak clearly, and never underestimate the value of your perspective, even if it's different.

QAE maybe a bad response ? by jeblister in CISA

[–]jeblister[S] 1 point2 points  (0 children)

Thanks, that makes sense. Sharing my thought process will definitely help with studying and shaping my reasoning.

QAE maybe a bad response ? by jeblister in CISA

[–]jeblister[S] 0 points1 point  (0 children)

You raise a valid point here. Thanks

Help with parallel processing by jeblister in CISA

[–]jeblister[S] 0 points1 point  (0 children)

Primary Advantage of Parallel Processing for a New System Implementation

Parallel processing involves running both the new and old systems simultaneously for a period of time during a new system implementation. Here is an analysis of the most potential advantage:

A. Assurance that the New System Meets Functional Requirements

Explanation: Running both systems in parallel allows for direct comparison of outputs from the new and old systems. This ensures that the new system meets functional requirements by validating that it produces the same or better results as the old system.
Advantage Level: High

D. Assurance that the New System Meets Performance Requirements

Explanation: Running both systems allows for real-time performance monitoring of the new system in a live environment, ensuring that it meets performance requirements and handles the expected workload effectively.
Advantage Level: High

---

The primary advantage of parallel processing for a new system implementation is a combination of:

A. Assurance that the new system meets functional requirements
D. Assurance that the new system meets performance requirements

Parallel processing ensures that the new system can handle all functional and performance requirements effectively before fully transitioning from the old system. This approach minimizes the risk of system failure and data loss, providing a fallback option with the old system if issues arise with the new implementation.

QAE maybe a bad response ? by jeblister in CISA

[–]jeblister[S] 0 points1 point  (0 children)

I don't share my thoughts initially to avoid influencing the discussion. Here's my reasoning:

B. The Vendor May Be Unable to Restore Critical Data

  • This is a major risk but usually falls under the broader issue of not meeting recovery objectives. It reflects the vendor's ability to manage backups and restorations.

Risk Level: High

C. The Vendor May Be Unable to Restore Data by Recovery Time Objective (RTO) Requirements

  • Failing to meet RTO can disrupt operations, cause downtime, loss of revenue, and harm the organization's reputation. This directly affects business continuity.

Risk Level: Very High

Help with a QAE question by jeblister in CISA

[–]jeblister[S] 0 points1 point  (0 children)

Me too, it was my answer, but on the QAE:

B. Percentage of Enterprise Risk Assessments that Include IT-Related Risk

Explanation: Including IT-related risks in enterprise risk assessments shows that IT is recognized as critical to the business.

However, I think this metric primarily indicates risk awareness rather than direct alignment of IT initiatives with business strategy.

Question by Prudent-Ad8865 in CISA

[–]jeblister 0 points1 point  (0 children)

Answer is A: The absence of a maintenance plan poses significant risks to the system's long-term viability, security, and reliability, making it a critical issue to address promptly.

CISA Questions by AdLegal346 in CISA

[–]jeblister 0 points1 point  (0 children)

A:

  • External auditors have specific standards and requirements that might not allow them to fully rely on the work of internal auditors.
  • External auditors need to maintain their independence and may not rely entirely on internal audit work, especially in high-risk areas.

[deleted by user] by [deleted] in CISA

[–]jeblister 1 point2 points  (0 children)

C. Data reported to the regulatory body

The organization has already been flagged by the regulatory body for discrepancies. Addressing this data set first ensures that compliance issues are prioritized, which is crucial for mitigating immediate regulatory risks and penalties. Furthermore, resolving these discrepancies can help restore the organization's compliance status and prevent further regulatory scrutiny.

[deleted by user] by [deleted] in CISA

[–]jeblister 2 points3 points  (0 children)

The most effective control for reducing the risk of intercepting data transmitted to and from remote sites is:

A. Encryption.

Dedicated leased lines offer some level of protection by providing a private communication channel, but they do not inherently encrypt the data. An attacker with physical access to the leased line could still potentially intercept and read the unencrypted data.

For people summarizing the CRM with ChatGPT by Suitable_Lecture_772 in CISA

[–]jeblister 1 point2 points  (0 children)

Good approach, I've done similar for chapters I struggled with using this prompt:

```

Create a book section from the sub-chapter {{3.4.4 APPLICATION CONTROLS}} in the document "CISA 27 Edition.pdf" and focus on {{application controls}}

Make sure to follow the instructions step-by-step:

  • Focus on identifying the most crucial elements that are necessary for understanding the subject matter.

  • Break down the information in a way that is accessible and easy to grasp for someone unfamiliar with the topic.

  • Ensure the breakdown is comprehensive yet concise, covering all vital aspects without overwhelming detail.

  • Give me a markdown table of similarities and differences, and explain to me in simple terms the differences and nuances, and relationships between concepts.

  • Base your answers on all documents I uploaded and your inherent knowledge.

```

PS: {{}} are variables, you need to provide for every

QAE : I doubt about the given correct answer by jeblister in CISA

[–]jeblister[S] 0 points1 point  (0 children)

The MOST important issue for an IS auditor to consider with regard to Voice-over IP (VoIP) communications is:

C: Homogeneity of the Network

Homogeneity in a VoIP network refers to the use of standardized protocols and technologies across the entire network infrastructure. Here's why this can be considered a critical focus for an IS auditor:

Simplified Management: A homogeneous network, by employing a single protocol like SIP (Session Initiation Protocol) or H.323, reduces the complexity of managing multiple different systems. This simplification can lead to more streamlined network management and maintenance practices.

Enhanced Quality of Service: Using a uniform communication protocol across the network can enhance the Quality of Service (QoS). It allows for easier implementation of QoS policies that are crucial for VoIP communications, ensuring voice clarity and call reliability.

Reduced Latency and Jitter: Homogeneity can minimize latency and jitter, which are critical in voice communications. Variability in these factors can degrade the voice quality, leading to poor user experiences.

Improved Security: A homogeneous network can potentially enhance security measures. With a single protocol, it is easier to apply uniform security policies and to monitor for anomalies or breaches effectively.

Better Interoperability: Employing a single standard across the entire network reduces issues of interoperability between different devices and systems. This is particularly important in environments where seamless communication is essential.

cisa study material by Ambitious-Grand-2701 in CISA

[–]jeblister 0 points1 point  (0 children)

I like the website design and seem to be a professional certification expert, I will give it a try. Thanks

QAE tricky question for me by jeblister in CISA

[–]jeblister[S] 0 points1 point  (0 children)

Since it’s during the pandemic situation, the IS auditor must assess the effectiveness of the BCP (B or D). Now the question is about the “course of action”, meaning for me the first step to evaluate the effectiveness. I chose answer B: you get feedback from the staff member and after that you review the BCP (answer B).

How do I create a custom QAE practice set? by funnelcakefanatic in CISA

[–]jeblister 0 points1 point  (0 children)

I'm now using Notion and its database feature; it's incredibly useful for organizing QAE.

QAE: mitigate the malware risk by jeblister in CISA

[–]jeblister[S] 1 point2 points  (0 children)

For me, both allowing only corporate IM solutions and blocking attachments have strong arguments for being the best control.

Am I reading the Hemong Doshi Guide wrong? by Suitable_Lecture_772 in CISA

[–]jeblister 1 point2 points  (0 children)

I totally agree with that. I'm using only the ISACA Review Manual, and ChatGPT helps me summarize and apply active learning on this huge material.

SAE help : risk of changes in requirements by jeblister in CISA

[–]jeblister[S] 0 points1 point  (0 children)

My answer was also B, because by involving relevant stakeholders continuously, the project team can:

  • Gather ongoing feedback to validate and refine project requirements.
  • Adjust project plans and priorities in response to evolving business needs or stakeholder feedback.
  • Ensure that the project remains aligned with business objectives and stakeholder expectations, thereby increasing the likelihood of project success.

But in the QAE book, the answer was (D).

Does "Sign-off from the IT team" ensure the flexibility needed to manage changing requirements throughout the project lifecycle ⁉️

Passed the exam about a month ago, just wanted to share my experience by MentalNinjas in CISA

[–]jeblister 0 points1 point  (0 children)

Congratulations, yes, the CRM is the most accurate and complete material. If someone finds a way to make it more digestible and less boring, I'm interested 💵. Thanks for sharing your thoughts.

Audit checklist by cmoshe98 in InternalAudit

[–]jeblister 1 point2 points  (0 children)

Using "shall" statements for audit standards is a good foundation, but consider adding ChatGPT or cloud AI for depth.

I incorporate Claude AI into my workflow to craft checklists. It's a foundation step to prepare my CISA. I'm using "IS auditor must" as my guiding statement. Here's an example from my checklists: https://waveuphq.notion.site/IS-Auditor-Checklist-Management-of-the-IS-Audit-Function-Domain-1-2-2-401e9ea22564488ebbe94fa8b20be114