Which of the following is a client-server program that opens a secure, encrypted command-line shell session from the Internet for remote logon?
A. VPN
B. IPsec
C. SSH
D. SFTP
Answer: C
Explanation: The correct answer is C. SSH. SSH stands for Secure Shell, a client-server program that opens a...
One way to control the integrity of digital assets is through the use of:
A. policies.
B. frameworks.
C. caching
D. hashing.
Answer: D
Explanation: One way to control the integrity of digital assets is through the use of hashing. This is because hashing is a technique that applies a...
Which of the following contains the essential elements of effective processes and describes an improvement path considering quality and effectiveness?
A. Capability maturity model integration
B. Balanced scorecard
C. ISO 27004:2009
D. COBIT 5
Answer: A
Explanation: The document that contains the essential elements of effective processes and describes an...
What is the FIRST phase of the ISACA framework for auditors reviewing cryptographic environments?
A. Evaluation of implementation details
B. Hands-on testing
C. Risk-based shakeout
D. Inventory and discovery
Answer: D
Explanation: The FIRST phase of the ISACA framework for auditors reviewing cryptographic environments is inventory and discovery. This is...
The "recover" function of the NIST cybersecurity framework is concerned with:
A. planning for resilience and timely repair of compromised capacities and service.
B. identifying critical data to be recovered in case of a security incident.
C. taking appropriate action to contain and eradicate a security incident.
D. allocating costs...
Security awareness training is MOST effective against which type of threat?
A. Command injection
B. Denial of service
C. Social engineering
D. Social injection
Answer: C
Explanation: Security awareness training is MOST effective against social engineering threats. This is because social engineering is a type of attack that exploits human...
Which of the following is the BEST indication of mature third-party vendor risk management for an organization?
A. The third party's security program follows the organization's security program.
B. The organization maintains vendor security assessment checklists.
C. The third party maintains annual assessments of control effectiveness.
D. The organization's...
The GREATEST advantage of using a common vulnerability scoring system is that it helps with:
A. risk aggregation.
B. risk prioritization.
C. risk elimination.
D. risk quantification
Answer: B
Explanation: The GREATEST advantage of using a common vulnerability scoring system is that it helps with risk prioritization. This is because...
Which of the following presents the GREATEST challenge to information risk management when outsourcing IT function to a third party?
A. It is difficult to know the applicable regulatory requirements when data is located in another country.
B. Providers may be reluctant to share technical details on the extent of...
Which of the following is the MOST important step to determine the risks posed to an organization by social media?
A. Review costs related to the organization's social media outages.
B. Review cybersecurity insurance requirements for the organization's social media.
C. Review the disaster recovery strategy for the organization's...