Isaca Cybersecurity Audit Practice Test - Questions Answers, Page 8

The device that is at GREATEST risk from activity monitoring and data retrieval is mobile devices. This is because mobile devices are devices that are portable, wireless, and connected to the Internet or other networks, such as smartphones, tablets, laptops, etc. Mobile devices are at greatest risk from activity monitoring and data retrieval, because they can be easily lost, stolen, or compromised by attackers who can access or extract the data stored or transmitted on the devices. Mobile devices can also be subject to activity monitoring and data retrieval by third-party applications or services that may collect or share the user's personal or sensitive information without their consent or knowledge. The other options are not devices that are at greatest risk from activity monitoring and data retrieval, but rather different types of devices that may have different levels of risk or protection from activity monitoring and data retrieval, such as cloud storage devices (B), desktop workstations C, or printing devices (D).

The intrusion detection system component that is responsible for collecting data in the form of network packets, log files, or system call traces is sensors. This is because sensors are components of an intrusion detection system that are deployed on various locations or points of the network or system, such as routers, switches, servers, etc., and that capture and collect data from the network traffic or system activities. Sensors then forward the collected data to another component of the intrusion detection system, such as analyzers, for further processing and analysis. The other options are not components of an intrusion detection system that are responsible for collecting data in the form of network packets, log files, or system call traces, but rather different components or techniques that are related to intrusion detection or prevention, such as packet filters (A), analyzers (B), or administration modules C.

Strong data loss prevention (DLP) solutions help protect information in all states: at rest, in transit and in use. This is because DLP solutions are technologies or tools that help to prevent unauthorized or accidental disclosure, modification, or deletion of sensitive or confidential information by users or applications. DLP solutions help to protect information in all states, by applying different types of controls or mechanisms depending on the state of the information. For example, DLP solutions can protect information at rest by encrypting or masking the data stored on devices or media; protect information in transit by inspecting or filtering the data transmitted over networks or channels; and protect information in use by restricting or monitoring the access or usage of the data by users or applications. The other options are not states that strong data loss prevention (DLP) solutions help protect information in, but rather different levels (B), classifications C, or actions (D) that are related to information security.

A data loss prevention (DLP) program helps protect an organization from exfiltration of sensitive data. This is because exfiltration of sensitive data is a type of cyberattack that involves stealing or leaking sensitive or confidential information from an organization's systems or networks to an external destination or party. Exfiltration of sensitive data can cause serious harm to an organization's reputation, operations, finances, legal compliance, etc. A DLP program helps to prevent exfiltration of sensitive data by detecting and blocking any unauthorized or suspicious attempts to access, copy, transfer, or share sensitive data by users or applications. The other options are not cyberattacks that a DLP program helps protect an organization from, but rather different types of cyberattacks that affect other aspects or objectives of information security, such as crypto ransomware infection (A), unauthorized access to servers and applications (B), or unauthorized data modification C.