Cyber threat intelligence aims to research and analyze trends and technical developments in which of the following areas?
A. Industry-specific security regulator
B. Cybercrime, hacktivism, and espionage
C. Cybersecurity risk scenarios
D. Cybersecurity operations management
Answer: B
Security awareness training is MOST effective against which type of threat?
A. Command injection
B. Denial of service
C. Social engineering
D. Social injection
Answer: C
Which of the following is an objective of public key infrastructure (PKI)?
A. Creating the private-public key pair for secure communications
B. Independently authenticating the validity of the sender's public key
C. Securely distributing secret keys to the communicating parties
D. Approving the algorithm to be used during data transmission
What is the PRIMARY purpose of creating a security architecture?
A. To visually show gaps in information security controls
B. To create a long-term information security strategy
C. To map out how security controls interact with an organization's systems
D. To provide senior management a measure of information security maturity
Which of the following BEST enables continuous identification and mitigation of security threats to an organization?
A. Identity and access management (IAM)
B. Security operations center (SOC)
C. Security training and awareness
D. Security information and event management (SIEM)
Answer: B
Which of the following would provide the BEST basis for allocating proportional protection activities when comprehensive classification is not feasible?
A. Single classification level allocation
B. Business process re-engineering
C. Business dependency assessment
D. Comprehensive cyber insurance procurement
Answer: C
What is the FIRST phase of the ISACA framework for auditors reviewing cryptographic environments?
A. Evaluation of implementation details
B. Hands-on testing
C. Risk-based shakeout
D. Inventory and discovery
Answer: D
Which of the following is the BEST indication of mature third-party vendor risk management for an organization?
A. The third party's security program follows the organization's security program.
B. The organization maintains vendor security assessment checklists.
C. The third party maintains annual assessments of control effectiveness.
D. The organization's...
Availability can be protected through the use of:
A. user awareness training and related end-user training.
B. access controls, file permissions, and encryption.
C. logging, digital signatures, and write protection.
D. redundancy, backups, and business continuity management.
Answer: D
Which of the following is MOST important to verify when reviewing the effectiveness of an organization's identity management program?
A. Processes are approved by the process owner.
B. Processes are aligned with industry best practices.
C. Processes are centralized and standardized.
D. Processes are updated and documented annually.
Answer: B