Which of the following is the BEST indication that an organization’s vulnerability management process is operating effectively?

A. Remediation efforts are communicated to management
B. The vulnerability program is formally approved
C. The vulnerability program is reviewed annually.
D. Remediation efforts are prioritized.

Answer: D

Explanation: The BEST indication that...

October 12, 2023

Availability can be protected through the use of:

A. user awareness training and related end-user training.
B. access controls, file permissions, and encryption.
C. logging, digital signatures, and write protection.
D. redundancy, backups, and business continuity management

Answer: D

Explanation: Availability can be protected through the use of redundancy, backups,...

October 11, 2023

Which of the following would provide the BEST basis for allocating proportional protection activities when comprehensive classification is not feasible?

A. Single classification level allocation
B. Business process re-engineering
C. Business dependency assessment
D. Comprehensive cyber insurance procurement

Answer: C

Explanation: The BEST basis for allocating proportional protection activities when...

October 11, 2023

Which of the following describes specific, mandatory controls or rules to support and comply with a policy?

A. Frameworks
B. Guidelines
C. Baseline
D. Standards

Answer: D

Explanation: Specific, mandatory controls or rules to support and comply with a policy are known as standards. This is because standards define the...

October 10, 2023

The second line of defense in cybersecurity includes:

A. conducting organization-wide control self-assessments.
B. risk management monitoring, and measurement of controls.
C. separate reporting to the audit committee within the organization.
D. performing attack and breach penetration testing.

Answer: B

Explanation: The second line of defense in cybersecurity includes risk...

October 10, 2023

Within the NIST core cybersecurity framework, which function is associated with using organizational understanding to minimize risk to systems, assets, and data?

A. Detect
B. Identify
C. Recover
D. Respond

Answer: B

Explanation: Within the NIST core cybersecurity framework, the identify function is associated with using organizational understanding to minimize...

October 10, 2023

Which of the following provides the GREATEST assurance that data can be recovered and restored in a timely manner in the event of data loss?

A. Backups of information are regularly tested.
B. Data backups are available onsite for recovery.
C. The recovery plan is executed during or after an...

October 10, 2023

A healthcare organization recently acquired another firm that outsources its patient information processing to a third-party Software as a Service (SaaS) provider. From a regulatory perspective, which of the following is MOST important for the healthcare organization to determine?

A. Cybersecurity risk assessment methodology
B. Encryption algorithms used to encrypt...

October 9, 2023

A cloud service provider is used to perform analytics on an organization's sensitive data. A data leakage incident occurs in the service provider's network. From a regulatory perspective, who is responsible for the data breach?

A. The service provider
B. Dependent upon the nature of breach
C. Dependent upon...

October 8, 2023

What is the FIRST phase of the ISACA framework for auditors reviewing cryptographic environments?

A. Evaluation of implementation details
B. Hands-on testing
C. Hand-based shakeout
D. Inventory and discovery

Answer: D

Explanation: The FIRST phase of the ISACA framework for auditors reviewing cryptographic environments is inventory and discovery. This is...

October 6, 2023