The second line of defense in cybersecurity includes:
- A . conducting organization-wide control self-assessments.
- B . risk management monitoring, and measurement of controls.
- C . separate reporting to the audit committee within the organization.
- D . performing attack and breach penetration testing.
Within the NIST core cybersecurity framework, which function is associated with using organizational understanding to minimize risk to systems, assets, and data?
- A . Detect
- B . Identify
- C . Recover
- D . Respond
The "recover" function of the NIST cybersecurity framework is concerned with:
- A . planning for resilience and timely repair of compromised capacities and service.
- B . identifying critical data to be recovered in case of a security incident.
- C . taking appropriate action to contain and eradicate a security incident.
- D . allocating costs incurred as part of the implementation of cybersecurity measures.
Availability can be protected through the use of:
- A . user awareness training and related end-user training.
- B . access controls, file permissions, and encryption.
- C . logging, digital signatures, and write protection.
- D . redundancy, backups, and business continuity management.
Which of the following would provide the BEST basis for allocating proportional protection activities when comprehensive classification is not feasible?
- A . Single classification level allocation
- B . Business process re-engineering
- C . Business dependency assessment
- D . Comprehensive cyber insurance procurement
A healthcare organization recently acquired another firm that outsources its patient information processing to a third-party Software as a Service (SaaS) provider. From a regulatory perspective, which of the following is MOST important for the healthcare organization to determine?
- A . Cybersecurity risk assessment methodology
- B . Encryption algorithms used to encrypt the data
- C . Incident escalation procedures
- D . Physical location of the data
Which of the following is MOST critical to guiding and managing security activities throughout an organization to ensure objectives are met?
- A . Allocating a significant amount of budget to security investments
- B . Adopting industry security standards and frameworks
- C . Establishing metrics to measure and monitor security performance
- D . Conducting annual security awareness training for all employees
Which of the following is the BEST method of maintaining the confidentiality of digital information?
- A . Use of access controls, file permissions, and encryption
- B . Use of backups and business continuity planning
- C . Use of logging, digital signatures, and write protection
- D . Use of awareness training programs and related end-user testing
Which of the following presents the GREATEST challenge to information risk management when outsourcing IT functions to a third party?
- A . It is difficult to know the applicable regulatory requirements when data is located in another country.
- B . Providers may be reluctant to share technical details on the extent of their information protection mechanisms.
- C . Providers may be restricted from providing detailed information on their employees.
- D . It is difficult to determine vendor financial viability to assess their potential inability to meet contract requirements.
The GREATEST advantage of using a common vulnerability scoring system is that it helps with:
- A . risk aggregation.
- B . risk prioritization.
- C . risk elimination.
- D . risk quantification.
Which of the following is a client-server program that opens a secure, encrypted command-line shell session from the Internet for remote logon?
- A . VPN
- B . IPsec
- C . SSH
- D . SFTP
What is the FIRST phase of the ISACA framework for auditors reviewing cryptographic environments?
- A . Evaluation of implementation details
- B . Hands-on testing
- C . Risk-based shakeout
- D . Inventory and discovery
Which of the following is the BEST indication of mature third-party vendor risk management for an organization?
- A . The third party's security program follows the organization's security program.
- B . The organization maintains vendor security assessment checklists.
- C . The third party maintains annual assessments of control effectiveness.
- D . The organization's security program follows the third party's security program.
Which of the following describes specific, mandatory controls or rules to support and comply with a policy?
- A . Frameworks
- B . Guidelines
- C . Baseline
- D . Standards
Which of the following is the MOST important step to determine the risks posed to an organization by social media?
- A . Review costs related to the organization’s social media outages.
- B . Review cybersecurity insurance requirements for the organization's social media.
- C . Review the disaster recovery strategy for the organization’s social media.
- D . Review access control processes for the organization’s social media accounts.
The protection of information from unauthorized access or disclosure is known as:
- A . access control.
- B . cryptography.
- C . media protection.
- D . confidentiality.
Security awareness training is MOST effective against which type of threat?
- A . Command injection
- B . Denial of service
- C . Social engineering
- D . Social injection
A cloud service provider is used to perform analytics on an organization's sensitive data. A data leakage incident occurs in the service provider's network. From a regulatory perspective, who is responsible for the data breach?
- A . The service provider
- B . Dependent upon the nature of breach
- C . Dependent upon specific regulatory requirements
- D . The organization
One way to control the integrity of digital assets is through the use of:
- A . policies.
- B . frameworks.
- C . caching.
- D . hashing.
Which of the following contains the essential elements of effective processes and describes an improvement path considering quality and effectiveness?
- A . Capability maturity model integration
- B . Balanced scorecard
- C . ISO 27004:2009
- D . COBIT 5
Which of the following provides the GREATEST assurance that data can be recovered and restored in a timely manner in the event of data loss?
- A . Backups of information are regularly tested.
- B . Data backups are available onsite for recovery.
- C . The recovery plan is executed during or after an event.
- D . Full data backup is performed daily.
Which of the following is the BEST indication that an organization’s vulnerability management process is operating effectively?
- A . Remediation efforts are communicated to management
- B . The vulnerability program is formally approved
- C . The vulnerability program is reviewed annually.
- D . Remediation efforts are prioritized.
Which of the following backup procedures would only copy files that have changed since the last backup was made?
- A . Incremental backup
- B . Daily backup
- C . Differential backup
- D . Full backup
An information security procedure indicates a requirement to sandbox emails.
What does this requirement mean?
- A . Ensure the emails are encrypted and provide nonrepudiation.
- B . Provide a backup of emails in the event of a disaster
- C . Isolate the emails and test for malicious content
- D . Guarantee rapid email delivery through firewalls.
Which of the following features of continuous auditing provides the BEST level of assurance over traditional sampling?
- A . Reports can be generated more frequently for management.
- B . Automated tools provide more reliability than an auditor's personal judgment.
- C . Voluminous data can be analyzed at a high speed to show relevant patterns.
- D . Continuous auditing tools are less complex for auditors to manage.
Which process converts extracted information to a format understood by investigators?
- A . Reporting
- B . Ingestion
- C . Imaging
- D . Filtering
In key protection/management, access should be aligned with which of the following?
- A . System limitation
- B . Least privilege
- C . Position responsibilities
- D . Role descriptions
Which of the following BEST enables continuous identification and mitigation of security threats to an organization?
- A . Identity and access management (IAM)
- B . Security operations center (SOC)
- C . Security training and awareness
- D . Security information and event management (SIEM)
Which of the following are politically motivated hackers who target specific individuals or organizations to achieve various ideological ends?
- A . Malware researchers
- B . Hacktivists
- C . Cybercriminals
- D . Script kiddies
What is the PRIMARY purpose of creating a security architecture?
- A . To visually show gaps in information security controls
- B . To create a long-term information security strategy
- C . To map out how security controls interact with an organization’s systems
- D . To provide senior management a measure of information security maturity
Cyber threat intelligence aims to research and analyze trends and technical developments in which of the following areas?
- A . Industry-specific security regulations
- B . Cybercrime, hacktivism, and espionage
- C . Cybersecurity risk scenarios
- D . Cybersecurity operations management
Which of the following is an objective of public key infrastructure (PKI)?
- A . Creating the private-public key pair for secure communications
- B . Independently authenticating the validity of the sender’s public key
- C . Securely distributing secret keys to the communicating parties
- D . Approving the algorithm to be used during data transmission
Which of the following is a more efficient form of public key cryptography as it demands less computational power and offers more security per bit?
- A . Diffie-Hellman Key Agreement
- B . Digital Signature Standard
- C . Secret Key Cryptography
- D . Elliptic Curve Cryptography
Which type of tools look for anomalies in user behavior?
- A . Rootkit detection tools
- B . Trend/variance-detection tools
- C . Audit reduction tools
- D . Attack-signature-detection tools
Which of the following is MOST important to verify when reviewing the effectiveness of an organization’s identity management program?
- A . Processes are approved by the process owner.
- B . Processes are aligned with industry best practices.
- C . Processes are centralized and standardized.
- D . Processes are updated and documented annually.
The MOST significant limitation of vulnerability scanning is the fact that modern scanners only detect:
- A . common vulnerabilities.
- B . unknown vulnerabilities.
- C . known vulnerabilities.
- D . zero-day vulnerabilities.
Which of the following is a passive activity that could be used by an attacker during reconnaissance to gather information about an organization?
- A . Using open source discovery
- B . Scanning the network perimeter
- C . Social engineering
- D . Crafting counterfeit websites
Which of the following is the GREATEST advantage of using a virtual private network (VPN) over dedicated circuits and dial-in servers?
- A . It is more secure
- B . It is more reliable
- C . It is higher speed.
- D . It is more cost effective.
Using digital evidence to provide validation that an attack has actually occurred is an example of:
- A . computer forensics.
- B . extraction.
- C . identification.
- D . data acquisition.
What is the FIRST activity associated with a successful cyber attack?
- A . Exploitation
- B . Reconnaissance
- C . Maintaining a presence
- D . Creating attack tools
Which of the following BEST facilitates the development of metrics for reporting to senior management on vulnerability management efforts?
- A . Reviewing business impact analysis (BIA) results
- B . Regularly benchmarking the number of new vulnerabilities identified with industry peers
- C . Tracking vulnerabilities and the remediation efforts to mitigate them
- D . Monitoring the frequency of vulnerability assessments using automated scans
When reviewing user management roles, which of the following groups presents the GREATEST risk based on their permissions?
- A . Privileged users
- B . Database administrators
- C . Terminated employees
- D . Contractors
What is the MAIN consideration when storing backup files?
- A . Utilizing solid state device (SSD) media for quick recovery
- B . Storing backup files on public cloud storage
- C . Protecting the off-site data backup copies from unauthorized access
- D . Storing copies on-site for ease of access during incident response
Which of the following is the SLOWEST method of restoring data from backup media?
- A . Monthly backup
- B . Full backup
- C . Differential Backup
- D . Incremental backup
Which of the following is MOST important to ensure the successful implementation of continuous auditing?
- A . Budget for additional storage hardware
- B . Budget for additional technical resources
- C . Top management support
- D . Surplus processing capacity
Which of the following is a computer-software vulnerability that is unknown to those who would be interested in mitigating the vulnerability?
- A . Cross-site scripting vulnerability
- B . SQL injection vulnerability
- C . Memory leakage vulnerability
- D . Zero-day vulnerability
While risk is measured by potential activity, which of the following describes the actual occurrence of a threat?
- A . Attack
- B . Payload
- C . Vulnerability
- D . Target
In public key cryptography, digital signatures are primarily used to:
- A . ensure message integrity.
- B . ensure message accuracy.
- C . prove sender authenticity.
- D . maintain confidentiality.