Which of the following would provide the BEST basis for allocating proportional protection activities when comprehensive classification is not feasible?
A. Single classification level allocation
B. Business process re-engineering
C. Business dependency assessment
D. Comprehensive cyber insurance procurement
Answer: C
Explanation: The BEST basis for allocating proportional protection activities when...
Which of the following describes specific, mandatory controls or rules to support and comply with a policy?
A. Frameworks
B. Guidelines
C. Baseline
D. Standards
Answer: D
Explanation: Specific, mandatory controls or rules to support and comply with a policy are known as standards. This is because standards define the...
Which of the following is the BEST indication of mature third-party vendor risk management for an organization?
A. The third party's security program follows the organization's security program.
B. The organization maintains vendor security assessment checklists.
C. The third party maintains annual assessments of control effectiveness.
D. The organization's...
Which of the following backup procedures would only copy files that have changed since the last backup was made?
A. Incremental backup
B. Daily backup
C. Differential backup
D. Full backup
Answer: A
Explanation: The backup procedure that would only copy files that have changed since the last backup was...
What is the FIRST phase of the ISACA framework for auditors reviewing cryptographic environments?
A. Evaluation of implementation details
B. Hands-on testing
C. Risk-based shakeout
D. Inventory and discovery
Answer: D
Explanation: The FIRST phase of the ISACA framework for auditors reviewing cryptographic environments is inventory and discovery. This is...
Which of the following is MOST critical to guiding and managing security activities throughout an organization to ensure objectives are met?
A. Allocating a significant amount of budget to security investments
B. Adopting industry security standards and frameworks
C. Establishing metrics to measure and monitor security performance
D. Conducting annual...
Which of the following is the BEST method of maintaining the confidentiality of digital information?
A. Use of access controls, file permissions, and encryption
B. Use of backups and business continuity planning
C. Use of logging, digital signatures, and write protection
D. Use of the awareness training programs and related...
Security awareness training is MOST effective against which type of threat?
A. Command injection
B. Denial of service
C. Social engineering
D. Social injection
Answer: C
Explanation: Security awareness training is MOST effective against social engineering threats. This is because social engineering is a type of attack that exploits human...
A healthcare organization recently acquired another firm that outsources its patient information processing to a third-party Software as a Service (SaaS) provider. From a regulatory perspective, which of the following is MOST important for the healthcare organization to determine?
A. Cybersecurity risk assessment methodology
B. Encryption algorithms used to encrypt...