Which of the following BIST enables continuous identification and mitigation of security threats to an organization?

Security operations center (SOC)

demit/ and access management (1AM)

Security operations center (SOC)

Security training and awareness

Security information and event management (SEM)

Cyber threat intelligence aims to research and analyze trends and technical developments in which of the following areas?

Cybercrime, hacktism. and espionage

Industry-specific security regulator

Cybercrime, hacktism. and espionage

Cybersecurity operations management

Which of the following is an objective of public key infrastructure (PKI)?

Independently authenticating the validity of the sender's public key

Creating the private-public key pair for secure communications

Independently authenticating the validity of the sender's public key

Securely distributing secret keys to the communicating parties

Approving the algorithm to be used during data transmission

Which type of tools look for anomalies in user behavior?

Attack-signature-detection tools

The second line of defense in cybersecurity includes:

risk management monitoring, and measurement of controls.

conducting organization-wide control self-assessments.

risk management monitoring, and measurement of controls.

separate reporting to the audit committee within the organization.

performing attack and breach penetration testing.

The 'recover' function of the NISI cybersecurity framework is concerned with:

planning for resilience and timely repair of compromised capacities and service.

identifying critical data to be recovered m case of a security incident.

taking appropriate action to contain and eradicate a security incident.

allocating costs incurred as part of the implementation of cybersecurity measures.

Availability can be protected through the use of:

redundancy, backups, and business continuity management

user awareness training and related end-user training.

access controls. We permissions, and encryption.

logging, digital signatures, and write protection.

redundancy, backups, and business continuity management

Which of the following would provide the BEST basis for allocating proportional protection activities when comprehensive classification is not feasible?

Single classification level allocation

Business process re-engineering

Comprehensive cyber insurance procurement

A healthcare organization recently acquired another firm that outsources its patient information processing to a third-party Software as a Service (SaaS) provider. From a regulatory perspective, which of the following is MOST important for the healthcare organization to determine?

Cybersecurity risk assessment methodology

Encryption algorithms used to encrypt the data

Which of the following is MOST critical to guiding and managing security activities throughout an organization to ensure objectives are met?

Establishing metrics to measure and monitor security performance

Allocating a significant amount of budget to security investments

Adopting industry security standards and frameworks

Establishing metrics to measure and monitor security performance

Conducting annual security awareness training for all employees

Which of the following is the BEST method of maintaining the confidentiality of digital information?

Use of access controls, file permissions, and encryption

Use of backups and business continuity planning

Use of logging digital signatures, and write protection

Use of the awareness tracing programs and related end-user testing

Which of the following presents the GREATEST challenge to information risk management when outsourcing IT function to a third party?

Providers may be reluctant to share technical delays on the extent of their information protection mechanisms.

It is difficult to know the applicable regulatory requirements when data is located on another country.

Providers may be reluctant to share technical delays on the extent of their information protection mechanisms.

Providers may be restricted from providing detailed ^formation on their employees.

It is difficult to determine vendor financial viability to assess their potential inability to meet contract requirements.

What is the FIRST phase of the ISACA framework for auditors reviewing cryptographic environments?

Evaluation of implementation details

Which of the following is the BEST indication of mature third-party vendor risk management for an organization?

The organization maintains vendor security assessment checklists.

The third party's security program Mows the organization s security program.

The organization maintains vendor security assessment checklists.

The third party maintains annual assessments of control effectiveness.

The organization's security program follows the thud party's security program.

What is the FIRST phase of the ISACA framework for auditors reviewing cryptographic environments?

Evaluation of implementation details

Which of the following is the MOST important step to determine the risks posed to an organization by social media?

Review access control processes for the organization's social media accounts.

Review costs related to the organization's social media outages.

Review cybersecurity insurance requirements for the organization s social media.

Review the disaster recovery strategy for the organization's social media.

Review access control processes for the organization's social media accounts.

A cloud service provider is used to perform analytics on an organization's sensitive data. A data leakage incident occurs in the service providers network from a regulatory perspective, who is responsible for the data breach?

Dependent upon the nature of breath

Dependent upon specific regulatory requirements

Which of the following contains the essential elements of effective processes and describes an improvement path considering quality and effectiveness?

Capability maturity model integration

Which of the following provides the GREATEST assurance that data can be recovered and restored in a timely manner in the event of data loss?

Backups of information are regularly tested.

Data backups are available onsite for recovery.

The recovery plan is executed during or after an event

full data backup is performed daily.

What is the FIRST phase of the ISACA framework for auditors reviewing cryptographic environments?

Evaluation of implementation details

Which of the following is the BEST indication that an organization's vulnerability management process is operating effectively?

Remediation efforts are prioritized.

Remediation efforts are communicated to management

The vulnerability program is formally approved

The vulnerability program is reviewed annually.

Remediation efforts are prioritized.

An information security procedure indicates a requirement to sandbox emails. What does this requirement mean?

isolate the emails and test for malicious content

Ensure the emails are encrypted and provide nonrepudiation.

Provide a backup of emails in the event of a disaster

isolate the emails and test for malicious content

Guarantee rapid email delivery through firewalls.

Which of the following features of continuous auditing provides the BEST level of assurance over traditional sampling?

Voluminous dale can be analyzed at a high speed to show relevant patterns.

Reports can be generated more frequently for management.

Automated tools provide more reliability than an auditors personal judgment

Voluminous dale can be analyzed at a high speed to show relevant patterns.

Continuous auditing tools are less complex for auditors to manage.

Which of the following is MOST important to verify when reviewing the effectiveness of an organization's identity management program?

Processes are aligned with industry best practices.

Processes are approved by the process owner.

Processes are aligned with industry best practices.

Processes are centralized and standardized.

Processes are updated and documented annually.

Isaca Cybersecurity Audit Practice Test 1 - Free Online Exam Prep & Questions

in key protection/management, access should be aligned with which of the following?

System limitation

Least privilege

Position responsibilities

Role descriptions

Comment (0)

Isaca Cybersecurity Audit Practice Test 1

Question

Isaca Cybersecurity Audit Practice Tests

Practice Tests