Isaca Cybersecurity Audit Practice Test - Questions Answers, Page 2

List of questions
Question 11

The 'recover' function of the NIST cybersecurity framework is concerned with:
The 'recover' function of the NIST cybersecurity framework is concerned with planning for resilience and timely repair of compromised capacities and service. This is because the recover function helps organizations to restore normal operations as quickly as possible after a cybersecurity incident, while also learning from the incident and improving their security posture. The other options are not part of the recover function, but rather belong to the identify (B), respond (C), or protect (D) functions.
Question 12

Availability can be protected through the use of:
Availability can be protected through the use of redundancy, backups, and business continuity management. This is because these measures help to ensure that systems, data, and services are accessible and functional at all times, even in the event of a disruption or disaster. The other options are not directly related to protecting availability, but rather focus on enhancing confidentiality (A), integrity (C), or awareness (D).
Question 13

Which of the following would provide the BEST basis for allocating proportional protection activities when comprehensive classification is not feasible?
The BEST basis for allocating proportional protection activities when comprehensive classification is not feasible is a business dependency assessment. This is because a business dependency assessment helps to identify the criticality and sensitivity of business processes and their supporting assets, based on their contribution to the organization's objectives and value proposition. This allows for prioritizing protection activities according to the level of risk and impact. The other options are not as effective as a business dependency assessment, because they either use a single classification level allocation (A), which does not account for different levels of risk and impact; require a significant amount of time and resources to perform a business process re-engineering (B); or rely on external parties to cover potential losses without reducing the likelihood or impact of incidents (D).
Question 14

A healthcare organization recently acquired another firm that outsources its patient information processing to a third-party Software as a Service (SaaS) provider. From a regulatory perspective, which of the following is MOST important for the healthcare organization to determine?
From a regulatory perspective, the MOST important thing for the healthcare organization to determine when outsourcing its patient information processing to a third-party Software as a Service (SaaS) provider is the incident escalation procedures. This is because incident escalation procedures define how security incidents involving patient information are reported, communicated, escalated, and resolved between the healthcare organization and the SaaS provider. This is essential for complying with regulatory requirements such as HIPAA, which mandate timely notification and response to breaches of protected health information. The other options are not as important as incident escalation procedures from a regulatory perspective, because they either relate to technical aspects that may not affect compliance (A, B), or operational aspects that may not affect patient information security (D).
Question 15

Which of the following is MOST critical to guiding and managing security activities throughout an organization to ensure objectives are met?
Question 16

Which of the following is the BEST method of maintaining the confidentiality of digital information?
Question 17

Which of the following presents the GREATEST challenge to information risk management when outsourcing IT function to a third party?
Question 18

The GREATEST advantage of using a common vulnerability scoring system is that it helps with:
Question 19

Which of the following is a client-server program that opens a secure, encrypted command-line shell session from the Internet for remote logon?
Question 20

What is the FIRST phase of the ISACA framework for auditors reviewing cryptographic environments?