The second line of defense in cybersecurity includes:
A. conducting organization-wide control self-assessments.
B. risk management monitoring, and measurement of controls.
C. separate reporting to the audit committee within the organization.
D. performing attack and breach penetration testing.
Answer: B
Explanation: The second line of defense in cybersecurity includes risk...
What is the FIRST phase of the ISACA framework for auditors reviewing cryptographic environments?
A. Evaluation of implementation details
B. Hands-on testing
C. Hand-based shakeout
D. Inventory and discovery
Answer: D
Explanation: The FIRST phase of the ISACA framework for auditors reviewing cryptographic environments is inventory and discovery. This is...
Which of the following presents the GREATEST challenge to information risk management when outsourcing IT function to a third party?
A. It is difficult to know the applicable regulatory requirements when data is located in another country.
B. Providers may be reluctant to share technical details on the extent of...
is responsible for the data breach?
A cloud service provider is used to perform analytics on an organization's sensitive data. A data leakage incident occurs in the service provider's network. From a regulatory perspective, who is responsible for the data breach?
A. The service provider
B. Dependent upon the nature of breach
C. Dependent upon...
Which of the following is a client-server program that opens a secure, encrypted command-line shell session from the Internet for remote logon?
A. VPN
B. IPsec
C. SSH
D. SFTP
Answer: C
Explanation: The correct answer is C. SSH. SSH stands for Secure Shell, a client-server program that opens a...
The GREATEST advantage of using a common vulnerability scoring system is that it helps with:
A. risk aggregation.
B. risk prioritization.
C. risk elimination.
D. risk quantification.
Answer: B
Explanation: The GREATEST advantage of using a common vulnerability scoring system is that it helps with risk prioritization. This is because...
Within the NIST core cybersecurity framework, which function is associated with using organizational understanding to minimize risk to systems, assets, and data?
A. Detect
B. Identify
C. Recover
D. Respond
Answer: B
Explanation: Within the NIST core cybersecurity framework, the identify function is associated with using organizational understanding to minimize...
Availability can be protected through the use of:
A. user awareness training and related end-user training.
B. access controls, file permissions, and encryption.
C. logging, digital signatures, and write protection.
D. redundancy, backups, and business continuity management.
Answer: D
Explanation: Availability can be protected through the use of redundancy, backups,...
Which of the following is the MOST important step to determine the risks posed to an organization by social media?
A. Review costs related to the organization's social media outages.
B. Review cybersecurity insurance requirements for the organization's social media.
C. Review the disaster recovery strategy for the organization's...
Which of the following is the BEST indication that an organization’s vulnerability management process is operating effectively?
A. Remediation efforts are communicated to management.
B. The vulnerability program is formally approved.
C. The vulnerability program is reviewed annually.
D. Remediation efforts are prioritized.
Answer: D
Explanation: The BEST indication that...