
NEW QUESTION # 27
Which of the following is an objective of public key infrastructure (PKI)?
- A. Independently authenticating the validity of the sender's public key
- B. Creating the private-public key pair for secure communications
- C. Approving the algorithm to be used during data transmission
- D. Securely distributing secret keys to the communicating parties
Answer: A
Explanation:
An objective of public key infrastructure (PKI) is to independently authenticate the validity of the sender's public key. On its own a public key is just a number; nothing in it says who holds the matching private key. PKI solves that by having a trusted third party, the certificate authority (CA), issue a digital certificate that binds the public key to an identity and is signed with the CA's private key. A recipient that already trusts the CA checks the CA's signature on the sender's certificate and only then relies on the public key inside it. The other options are not PKI objectives: the key holder generates its own key pair (B), the algorithm is chosen by protocol or policy (C), and PKI distributes public keys and certificates, not secret keys (D).
NEW QUESTION # 28
Which of the following features of continuous auditing provides the BEST level of assurance over traditional sampling?
- A. Automated tools provide more reliability than an auditor's personal judgment
- B. Continuous auditing tools are less complex for auditors to manage.
- C. Reports can be generated more frequently for management.
- D. Voluminous data can be analyzed at a high speed to show relevant patterns.
Answer: D
Explanation:
The feature of continuous auditing that provides the BEST level of assurance over traditional sampling is that voluminous data can be analyzed at high speed to show relevant patterns. Continuous auditing uses automated tools and processes to perform audit activities on a continuous or near-real-time basis over large volumes of data from many sources and systems. Because it examines the entire population of transactions or events rather than a sample, it can surface trends, anomalies, and exceptions that sampling would miss, and that is what raises the level of assurance. The other options describe real benefits of continuous auditing, such as reliability relative to personal judgment (A), lower complexity (B), and more frequent reporting (C), but none of them is the feature that improves assurance over sampling.
NEW QUESTION # 29
What is the MAIN consideration when storing backup files?
- A. Storing copies on-site for ease of access during incident response
- B. Storing backup files on public cloud storage
- C. Protecting the off-site data backup copies from unauthorized access
- D. Utilizing solid state device (SSD) media for quick recovery
Answer: C
Explanation:
The MAIN consideration when storing backup files is protecting the off-site data backup copies from unauthorized access. Off-site copies leave the organization's physical and logical perimeter, so they must be protected, for example by encryption and access restrictions, to preserve the confidentiality and integrity of the backup data and to prevent unauthorized disclosure, modification, or deletion. Doing so also supports any regulatory or contractual requirements that apply to the data. The other options are secondary aspects of the backup process: on-site copies for ease of access (A), public cloud storage (B), and SSD media for quick recovery (D) are choices about convenience or speed, not the main control.
NEW QUESTION # 30
The protection of information from unauthorized access or disclosure is known as:
- A. access control.
- B. confidentiality.
- C. cryptography.
- D. media protection.
Answer: B
Explanation:
The protection of information from unauthorized access or disclosure is known as confidentiality. Confidentiality is one of the three main objectives of information security, alongside integrity and availability. It ensures that information is accessible and readable only by those who are authorized, and prevents unauthorized or accidental exposure to other parties. The other options are concepts or techniques that help achieve confidentiality rather than the property itself: access control (A), cryptography (C), and media protection (D).
NEW QUESTION # 31
In public key cryptography, digital signatures are primarily used to:
- A. ensure message accuracy.
- B. ensure message integrity.
- C. maintain confidentiality.
- D. prove sender authenticity.
Answer: D
Explanation:
In public key cryptography, digital signatures are primarily used to prove sender authenticity. The sender produces the signature with their private key, typically over a hash of the message, and anyone holding the corresponding public key can verify it. Because only the holder of the private key could have produced a signature that verifies under that public key, a valid signature proves the message came from the sender. As a by-product it also shows the message has not been altered since it was signed, which is why integrity (B) is a secondary outcome rather than the primary purpose. Signatures do not encrypt the message, so they provide no confidentiality (C).
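The two mechanisms in questions 27 and 31 are easiest to see together in code. The Go program below is an added example, not part of the exam or ISACA material: it builds a hypothetical root CA, has that CA issue a certificate to a sender, signs a message with the sender's private key, and then plays the recipient, who first checks that the sender's certificate chains to the trusted root (the PKI step of question 27) and only then verifies the signature with the public key taken from that certificate (question 31). The CA and subject names, the message text, the choice of ECDSA P-256 and the one-day validity period are all assumptions made for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// makeCert generates a P-256 key pair and a certificate for it. With a nil
// parent the result is a self-signed CA root; otherwise parentKey signs it.
func makeCert(subject string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: subject}, // hypothetical names, see Scenario
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	signer, signerKey := parent, parentKey
	if parent == nil { // self-signed root
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage |= x509.KeyUsageCertSign
		signer, signerKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// sign is the sender's side: an ECDSA signature over SHA-256(msg) made with the private key.
func sign(key *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, key, digest[:])
}

// verify is the recipient's side. Step 1 is what PKI adds: the sender's certificate
// must chain to a root the recipient already trusts, which is how the recipient
// authenticates the sender's public key. Step 2 checks the signature with that key.
func verify(trustedRoot, senderCert *x509.Certificate, msg, sig []byte) error {
	roots := x509.NewCertPool()
	roots.AddCert(trustedRoot)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := senderCert.Verify(opts); err != nil {
		return fmt.Errorf("sender certificate not trusted: %w", err)
	}
	if err := senderCert.CheckSignature(x509.ECDSAWithSHA256, msg, sig); err != nil {
		return fmt.Errorf("signature invalid (message altered or wrong key): %w", err)
	}
	return nil
}

// Outcome records whether the recipient accepted each of three messages.
type Outcome struct {
	Genuine  bool // real sender, untouched message: should be accepted
	Tampered bool // real sender, message altered after signing: should be rejected
	Impostor bool // same name, certificate from a CA the recipient does not trust: should be rejected
}

func Scenario() Outcome {
	must := func(err error) {
		if err != nil {
			panic(err)
		}
	}
	root, rootKey, err := makeCert("Example Corp Root CA", nil, nil) // hypothetical CA
	must(err)
	rogue, rogueKey, err := makeCert("Rogue CA", nil, nil) // hypothetical untrusted CA
	must(err)
	sender, senderKey, err := makeCert("alice@example.com", root, rootKey)
	must(err)
	impostor, impostorKey, err := makeCert("alice@example.com", rogue, rogueKey)
	must(err)
	msg := []byte("pay 100 to account 42") // constructed sample message
	sig, err := sign(senderKey, msg)
	must(err)
	impostorSig, err := sign(impostorKey, msg)
	must(err)
	return Outcome{
		Genuine:  verify(root, sender, msg, sig) == nil,
		Tampered: verify(root, sender, []byte("pay 900 to account 42"), sig) == nil,
		Impostor: verify(root, impostor, msg, impostorSig) == nil,
	}
}

func main() {
	fmt.Printf("%+v\n", Scenario()) // prints {Genuine:true Tampered:false Impostor:false}
}
```

The genuine message is accepted, the altered message fails at the signature check, and the impostor's message fails before the signature is even looked at, because its certificate was issued by a CA the recipient never trusted. That last rejection is the point of PKI: without the chain check the recipient would have no reason to prefer Alice's real public key over the impostor's, since both certificates carry the same name.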
NEW QUESTION # 32
What is the PRIMARY purpose of creating a security architecture?
- A. To create a long-term information security strategy
- B. To map out how security controls interact with an organization's systems
- C. To provide senior management a measure of information security maturity
- D. To visually show gaps in information security controls
Answer: A
Explanation:
The PRIMARY purpose of creating a security architecture is to create a long-term information security strategy that aligns with the organization's business goals and objectives. A security architecture defines the vision, principles, standards, policies, and guidelines for how security will be implemented and managed across the organization's systems, networks, and data.
NEW QUESTION # 33
Which of the following are politically motivated hackers who target specific individuals or organizations to achieve various ideological ends?
- A. Malware researchers
- B. Cybercriminals
- C. Hacktivists
- D. Script kiddies
Answer: C
Explanation:
Hacktivists are politically motivated hackers who target specific individuals or organizations to achieve various ideological ends. They may use various methods such as defacing websites, launching denial-of-service attacks, leaking confidential information, or spreading propaganda to advance their causes or protest against perceived injustices.
NEW QUESTION # 34
In cloud computing, which type of hosting is MOST appropriate for a large organization that wants greater control over the environment?
- A. Hybrid hosting
- B. Private hosting
- C. Shared hosting
- D. Public hosting
Answer: B
Explanation:
In cloud computing, the type of hosting that is MOST appropriate for a large organization that wants greater control over the environment is private hosting. Private hosting is a type of cloud service model where the cloud infrastructure is dedicated to a single organization and hosted either on-premise or off-premise by a third-party provider. Private hosting offers more control over the security, performance, customization, and compliance of the cloud environment than other types of hosting.
NEW QUESTION # 35
Which of the following devices is at GREATEST risk from activity monitoring and data retrieval?
- A. Mobile devices
- B. Printing devices
- C. Cloud storage devices
- D. Desktop workstation
Answer: A
Explanation:
The device at GREATEST risk from activity monitoring and data retrieval is the mobile device. Mobile devices, such as smartphones, tablets, and laptops, are portable, wireless, and continuously connected to the Internet or other networks. They are easily lost, stolen, or compromised, after which an attacker can access or extract the data stored on or transmitted by the device. They also run third-party applications and services that may monitor activity and collect or share the user's personal or sensitive information without the user's knowledge or consent. Printing devices (B), cloud storage devices (C), and desktop workstations (D) carry their own risks, but they are not as exposed to both monitoring and physical data retrieval as mobile devices.
NEW QUESTION # 36
Within the NIST core cybersecurity framework, which function is associated with using organizational understanding to minimize risk to systems, assets, and data?
- A. Detect
- B. Recover
- C. Respond
- D. Identify
Answer: D
Explanation:
Within the NIST core cybersecurity framework, the Identify function is associated with using organizational understanding to minimize risk to systems, assets, and data. The Identify function develops an organizational understanding of the business context, the resources that support critical functions, and the related cybersecurity risks, including the threats, vulnerabilities, and impacts that could affect business objectives. The other functions are not about building that understanding: Detect (A) finds cybersecurity events, Recover (B) restores impaired capabilities, and Respond (C) acts on detected incidents.
NEW QUESTION # 37
Cyber threat intelligence aims to research and analyze trends and technical developments in which of the following areas?
- A. Cybercrime, hacktivism, and espionage
- B. Cybersecurity risk scenarios
- C. Cybersecurity operations management
- D. Industry-specific security regulations
Answer: A
Explanation:
Cyber threat intelligence aims to research and analyze trends and technical developments in the areas of cybercrime, hacktivism, and espionage. These are the main sources of malicious cyber activities that pose risks to organizations and individuals. Cyber threat intelligence helps to understand the motivations, capabilities, tactics, techniques, and procedures of various threat actors and groups.
NEW QUESTION # 38
While risk is measured by potential activity, which of the following describes the actual occurrence of a threat?
- A. Payload
- B. Vulnerability
- C. Target
- D. Attack
Answer: D
Explanation:
An attack is the actual occurrence of a threat, which is a potential activity that could harm an asset. An attack is the result of a threat actor exploiting a vulnerability in a system or network to achieve a malicious objective.
For example, a denial-of-service attack is the occurrence of a threat that aims to disrupt the availability of a service.
NEW QUESTION # 39
Which of the following is the MOST important consideration when choosing between different types of cloud services?
- A. Emerging risk and infrastructure scalability
- B. Security features available on demand
- C. Reputation of the cloud providers
- D. Overall risk and benefits
Answer: D
Explanation:
The MOST important consideration when choosing between different types of cloud services is the overall risk and benefits. The choice involves weighing the trade-offs between the risks and benefits of each service model, such as Software as a Service (SaaS), Platform as a Service (PaaS), or Infrastructure as a Service (IaaS). For example, SaaS may offer more benefits in cost savings, scalability, and usability, but also more risk in security, privacy, and compliance because the customer controls the least. IaaS may offer more flexibility, customization, and control, but more risk in complexity, management, and maintenance because the customer is responsible for more of the stack. The other options are individual factors that feed into that overall assessment rather than the most important consideration on their own: emerging risk and infrastructure scalability (A), security features available on demand (B), and the reputation of the cloud providers (C).
NEW QUESTION # 40
The risk of an evil twin attack on mobile devices is PRIMARILY due to:
- A. tokens stored as plain text in many mobile device applications.
- B. weak authentication protocols in wireless networks.
- C. generic names that mobile devices will accept without verification.
- D. use of data transmission that is not always encrypted.
Answer: C
Explanation:
The risk of an evil twin attack on mobile devices is PRIMARILY due to generic network names that the devices will accept without verification. In an evil twin attack the attacker sets up a rogue access point that broadcasts the same SSID as a legitimate one, lures users to connect, and then intercepts their traffic or launches further attacks. The SSID is only a label: a mobile device that remembers a name such as "Free WiFi" or "Public Hotspot" will reconnect automatically to any access point broadcasting that name, and an open network gives the device no way to verify which access point it is talking to. Plaintext tokens (A), weak wireless protocols (B), and unencrypted transmission (D) can make the consequences of a successful evil twin worse, but the attack works because of the unverified name.
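To make the failure mode concrete, here is an added example in Go (not from the exam or ISACA) that applies two heuristics to a Wi-Fi scan list: an SSID seen with inconsistent security settings across radios, and a remembered open SSID that the device would auto-join from any radio. The AccessPoint fields, the remembered names and the scan entries are constructed for the example; real scan output and device behaviour vary, and legitimate multi-access-point networks share an SSID by design, so a shared name alone is not flagged.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// AccessPoint is one entry from a Wi-Fi scan. The field set is an assumption
// for this example; real scan output varies by platform and tool.
type AccessPoint struct {
	SSID     string
	BSSID    string // MAC address of the radio broadcasting the name
	Security string // "open", "wpa2", "wpa3"
}

// rememberedSSIDs stands in for the device's saved network list; a device
// will normally auto-join any of these names. Constructed for the example.
var rememberedSSIDs = map[string]bool{"CorpWiFi": true, "Free WiFi": true}

// SuspectEvilTwins applies two heuristics to a scan: an SSID broadcast with
// inconsistent security across radios, and a remembered open SSID that the
// device would join from any radio. A shared SSID with consistent security
// is not flagged, because legitimate multi-AP networks look like that too.
func SuspectEvilTwins(scan []AccessPoint) []string {
	bySSID := map[string][]AccessPoint{}
	for _, ap := range scan {
		bySSID[ap.SSID] = append(bySSID[ap.SSID], ap)
	}
	var findings []string
	for ssid, aps := range bySSID {
		security := map[string]bool{}
		for _, ap := range aps {
			security[ap.Security] = true
		}
		switch {
		case len(security) > 1:
			findings = append(findings, fmt.Sprintf("%q: %d BSSIDs with mixed security (%s)",
				ssid, len(aps), sortedKeys(security)))
		case rememberedSSIDs[ssid] && security["open"]:
			findings = append(findings, fmt.Sprintf("%q: remembered open network; any radio can impersonate it", ssid))
		}
	}
	sort.Strings(findings) // map iteration order is random; make the report stable
	return findings
}

func sortedKeys(set map[string]bool) string {
	keys := make([]string, 0, len(set))
	for k := range set {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	return strings.Join(keys, ",")
}

// SampleScan is constructed: a corporate WPA2 network seen from two genuine
// radios plus a third radio broadcasting the same name as an open network,
// a remembered open hotspot, and an unrelated neighbour.
func SampleScan() []AccessPoint {
	return []AccessPoint{
		{"CorpWiFi", "aa:bb:cc:00:00:01", "wpa2"},
		{"CorpWiFi", "aa:bb:cc:00:00:02", "wpa2"},
		{"CorpWiFi", "de:ad:be:ef:00:01", "open"},
		{"Free WiFi", "de:ad:be:ef:00:02", "open"},
		{"Neighbour", "11:22:33:44:55:66", "wpa3"},
	}
}

func main() {
	for _, finding := range SuspectEvilTwins(SampleScan()) {
		fmt.Println(finding)
	}
}
```

The two findings correspond to the two halves of the explanation: the third CorpWiFi radio is a name collision with different security, and Free WiFi is exactly the generic, unverifiable name the question is about. Neither heuristic proves an attack; they are prompts to forget the network or to require a VPN before trusting it.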
NEW QUESTION # 41
One way to control the integrity of digital assets is through the use of:
- A. caching
- B. frameworks.
- C. hashing.
- D. policies.
Answer: C
Explanation:
One way to control the integrity of digital assets is through the use of hashing. A hash function applies a mathematical function to a digital asset, such as a file or a message, and produces a fixed-length value, known as a hash or digest, that changes unpredictably if even one bit of the input changes. Comparing the digest recorded before transmission or storage with one recomputed afterwards detects any modification of the original asset. The other options are related to information security but do not control integrity: caching (A), frameworks (B), and policies (D).
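As an added example of the before-and-after digest comparison described above (not code from the exam or from ISACA), the Go program below records SHA-256 digests of a known-good set of files in a manifest and later recomputes them to spot modified, missing or unexpected files. The file names and contents are constructed for the example.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
)

// Digest returns the hex SHA-256 of content: the fixed-length value an
// operator records while the asset is known to be good.
func Digest(content []byte) string {
	sum := sha256.Sum256(content)
	return hex.EncodeToString(sum[:])
}

// BuildManifest records a digest for every asset in a known-good set.
func BuildManifest(assets map[string][]byte) map[string]string {
	manifest := make(map[string]string, len(assets))
	for name, content := range assets {
		manifest[name] = Digest(content)
	}
	return manifest
}

// CheckIntegrity recomputes the digest of each current copy and reports
// assets that were modified, are missing, or were not in the manifest at all.
// An empty result means every asset is byte-for-byte what was recorded.
func CheckIntegrity(manifest map[string]string, current map[string][]byte) []string {
	var findings []string
	for name, expected := range manifest {
		content, ok := current[name]
		switch {
		case !ok:
			findings = append(findings, name+": missing")
		case Digest(content) != expected:
			findings = append(findings, name+": modified")
		}
	}
	for name := range current {
		if _, ok := manifest[name]; !ok {
			findings = append(findings, name+": unexpected (not in manifest)")
		}
	}
	sort.Strings(findings) // deterministic order for reports and tests
	return findings
}

func main() {
	// Constructed sample assets, not real files.
	original := map[string][]byte{
		"app/config.yaml": []byte("db_host: db.internal\ndebug: false\n"),
		"app/server.bin":  []byte{0x7f, 'E', 'L', 'F', 0x02, 0x01, 0x01, 0x00},
	}
	manifest := BuildManifest(original)

	// A later copy: config untouched, one byte of the binary flipped, and a
	// file that was never part of the release. A single flipped byte changes
	// the whole digest, so it is reported like any larger change.
	later := map[string][]byte{
		"app/config.yaml": original["app/config.yaml"],
		"app/server.bin":  []byte{0x7f, 'E', 'L', 'F', 0x02, 0x01, 0x01, 0x01},
		"app/.dropper":    []byte("x"),
	}
	for _, finding := range CheckIntegrity(manifest, later) {
		fmt.Println(finding)
	}
}
```

The manifest only protects integrity if it is itself stored somewhere the attacker cannot reach, or is signed; a manifest kept next to the files it describes can be rewritten along with them.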
NEW QUESTION # 42
Which of the following BEST facilitates the development of metrics for reporting to senior management on vulnerability management efforts?
- A. Monitoring the frequency of vulnerability assessments using automated scans
- B. Regularly benchmarking the number of new vulnerabilities identified with industry peers
- C. Tracking vulnerabilities and the remediation efforts to mitigate them
- D. Reviewing business impact analysis (BIA) results
Answer: C
Explanation:
The activity that BEST facilitates the development of metrics for reporting to senior management on vulnerability management efforts is tracking vulnerabilities and the remediation efforts to mitigate them. Such tracking yields quantifiable and objective data on the number, severity, impact, status, and resolution time of vulnerabilities, which is exactly what metrics on the performance and effectiveness of the program are built from. It also makes gaps and issues in the program visible so they can be communicated to senior management and other stakeholders. The other options are inputs to or aspects of vulnerability management rather than a basis for metrics: monitoring the frequency of automated assessments (A), benchmarking new vulnerability counts against industry peers (B), and reviewing business impact analysis (BIA) results (D).
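One way to turn a vulnerability tracker into the kind of numbers senior management can act on, written as an added example rather than anything from the exam: the Go program below takes tracked findings with a severity, a discovery date and an optional fix date, and derives open counts by severity, mean time to remediate, and which open findings are past their remediation target. The field names, the sample findings and the per-severity targets in slaDays are assumptions; real targets come from the organization's vulnerability management policy.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// Vulnerability is one tracked finding. Field names are assumptions for this example.
type Vulnerability struct {
	ID       string
	Severity string    // "critical", "high", "medium", "low"
	Found    time.Time // when the finding was confirmed
	Fixed    time.Time // zero value means still open
}

// Metrics is the summary a vulnerability program would report upward.
type Metrics struct {
	OpenBySeverity map[string]int
	ClosedCount    int
	MeanDaysToFix  float64
	OverSLA        []string // IDs of open findings past their remediation target
}

// slaDays is an assumed remediation target per severity, in days. Real
// targets come from the organization's vulnerability management policy.
var slaDays = map[string]int{"critical": 7, "high": 30, "medium": 90, "low": 180}

// Compute derives the metrics as of a given date so a report is reproducible.
func Compute(vulns []Vulnerability, asOf time.Time) Metrics {
	m := Metrics{OpenBySeverity: map[string]int{}}
	var totalFixDays float64
	for _, v := range vulns {
		if v.Fixed.IsZero() {
			m.OpenBySeverity[v.Severity]++
			deadline := v.Found.AddDate(0, 0, slaDays[v.Severity])
			if asOf.After(deadline) {
				m.OverSLA = append(m.OverSLA, v.ID)
			}
			continue
		}
		m.ClosedCount++
		totalFixDays += v.Fixed.Sub(v.Found).Hours() / 24
	}
	if m.ClosedCount > 0 {
		m.MeanDaysToFix = totalFixDays / float64(m.ClosedCount)
	}
	sort.Strings(m.OverSLA)
	return m
}

func day(y, mo, d int) time.Time {
	return time.Date(y, time.Month(mo), d, 0, 0, 0, 0, time.UTC)
}

// SampleTracker is a constructed set of findings, not real data.
func SampleTracker() []Vulnerability {
	return []Vulnerability{
		{"VULN-1", "critical", day(2024, 3, 1), day(2024, 3, 4)},
		{"VULN-2", "high", day(2024, 3, 2), day(2024, 3, 22)},
		{"VULN-3", "critical", day(2024, 3, 10), time.Time{}}, // open and past its 7-day target
		{"VULN-4", "medium", day(2024, 1, 15), time.Time{}},   // open, inside its 90-day target
		{"VULN-5", "low", day(2024, 3, 20), time.Time{}},
	}
}

func main() {
	m := Compute(SampleTracker(), day(2024, 4, 1))
	fmt.Printf("open by severity: %v\n", m.OpenBySeverity)
	fmt.Printf("closed: %d, mean days to fix: %.1f\n", m.ClosedCount, m.MeanDaysToFix)
	fmt.Printf("open past target: %v\n", m.OverSLA)
}
```

The point of fixing asOf as a parameter is that the same tracker state yields the same report next quarter, which is what lets management compare periods; the mean time to fix and the over-target list are the two numbers that most directly show whether remediation is keeping pace with discovery.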
NEW QUESTION # 43
Which of the following is a passive activity that could be used by an attacker during reconnaissance to gather information about an organization?
- A. Scanning the network perimeter
- B. Using open source discovery
- C. Social engineering
- D. Crafting counterfeit websites
Answer: B
Explanation:
A passive activity that could be used by an attacker during reconnaissance to gather information about an organization is using open source discovery. Open source discovery collects and analyzes publicly available information about an organization, such as its website, social media, press releases, and annual reports. It requires no direct interaction with the target organization or its systems or network, so it generates no traffic or alerts that the organization's security controls could detect. The other options are active: scanning the network perimeter (A) sends packets to the target, social engineering (C) contacts its people, and crafting counterfeit websites (D) is a step toward an attack rather than information gathering.
NEW QUESTION # 44
What would be an IS auditor's BEST response to an IT manager's statement that the risk associated with the use of mobile devices in an organizational setting is the same as for any other device?
- A. The risk associated with mobile devices cannot be mitigated with similar controls for workstations.
- B. Replication of privileged access and the greater likelihood of physical loss increases risk levels.
- C. The risk associated with mobile devices is less than that of other devices and systems.
- D. The ability to wipe mobile devices and disable connectivity adequately mitigates additional
Answer: B
Explanation:
The BEST response to an IT manager's statement that the risk associated with the use of mobile devices in an organizational setting is the same as for any other device is that replication of privileged access and the greater likelihood of physical loss increases risk levels. Mobile devices pose unique risks to an organization due to their portability, connectivity, and functionality. Mobile devices may store or access sensitive data or systems that require privileged access, which can be compromised if the device is lost, stolen, or hacked. Mobile devices also have a higher chance of being misplaced or taken by unauthorized parties than other devices.
NEW QUESTION # 45
The "recover" function of the NIST cybersecurity framework is concerned with:
- A. taking appropriate action to contain and eradicate a security incident.
- B. allocating costs incurred as part of the implementation of cybersecurity measures.
- C. planning for resilience and timely repair of compromised capacities and service.
- D. identifying critical data to be recovered in case of a security incident.
Answer: C
Explanation:
The "recover" function of the NIST cybersecurity framework is concerned with planning for resilience and the timely restoration of capabilities or services impaired by a cybersecurity incident, so that normal operations resume as quickly as possible and lessons learned feed back into the organization's security posture. Containing and eradicating an incident (A) belongs to the respond function, identifying critical data (D) belongs to the identify function, and allocating implementation costs (B) is not one of the framework's functions.
NEW QUESTION # 46
Which of the following BEST enables continuous identification and mitigation of security threats to an organization?
- A. Security operations center (SOC)
- B. Security training and awareness
- C. Identity and access management (IAM)
- D. Security information and event management (SIEM)
Answer: A
Explanation:
A security operations center (SOC) is a centralized function that monitors, detects, analyzes, and responds to cyber threats and incidents in real time, combining tools, processes, and skilled analysts. That combination is what enables continuous identification and mitigation of threats. A SIEM (D) is one of the SOC's tools: it collects and correlates events and raises alerts, but it does not investigate or mitigate on its own. IAM (C) and security training and awareness (B) are preventive controls rather than continuous threat identification.
NEW QUESTION # 47
Which of the following is the MOST important step to determine the risks posed to an organization by social media?
- A. Review costs related to the organization's social media outages.
- B. Review access control processes for the organization's social media accounts.
- C. Review cybersecurity insurance requirements for the organization s social media.
- D. Review the disaster recovery strategy for the organization's social media.
Answer: B
Explanation:
The MOST important step to determine the risks posed to an organization by social media is to review access control processes for the organization's social media accounts. Access control processes ensure that only authorized users can access, modify, or post from the organization's accounts, which prevents unauthorized or malicious use of the accounts and disclosure of sensitive or confidential information. They also protect the organization's reputation and brand from unauthorized or inappropriate posts. The other options address consequences rather than the source of the risk: the cost of outages (A), cybersecurity insurance requirements (C), and the disaster recovery strategy (D).
NEW QUESTION # 48
What is the FIRST phase of the ISACA framework for auditors reviewing cryptographic environments?
- A. Inventory and discovery
- B. Risk-based shakeout
- C. Evaluation of implementation details
- D. Hands-on testing
Answer: A
Explanation:
The FIRST phase of the ISACA framework for auditors reviewing cryptographic environments is inventory and discovery. In this phase the auditor identifies and documents the scope, objectives, and approach of the audit, together with the cryptographic assets, systems, processes, and stakeholders that make up the environment, and forms a view of the maturity and effectiveness of cryptographic governance and management in the organization. The other phases build on that inventory and come later: risk-based shakeout (B), evaluation of implementation details (C), and hands-on testing (D).