Cybersecurity-Audit-Certificate ISACA Cybersecurity Audit Certificate Exam Free Demo Questions – Try Before You Buy

Question 1

Which of the following would provide the BEST basis for allocating proportional protection activities when comprehensive classification is not feasible?

A

Single classification level allocation

B

Business process re-engineering

C

Business dependency assessment

D

Comprehensive cyber insurance procurement

Correct Answer: C

Explanation:

The BEST basis for allocating proportional protection activities when comprehensive classification is not feasible is a business dependency assessment. This is because a business dependency assessment helps to identify the criticality and sensitivity of business processes and their supporting assets, based on their contribution to the organization’s objectives and value proposition. This allows for prioritizing protection activities according to the level of risk and impact. The other options are not as effective as a business dependency assessment, because they either use a single classification level allocation (A), which does not account for different levels of risk and impact; require a significant amount of time and resources to perform a business process re-engineering (B); or rely on external parties to cover potential losses without reducing the likelihood or impact of incidents (D)

Question 2

Availability can be protected through the use of:

A

user awarenesstraining and related end-user training

B

access controls. We permissions, and encryption.

C

logging, digital signatures, and write protection.

D

redundancy, backups, and business continuity management

Correct Answer: D

Explanation:

Availability can be protected through the use of redundancy, backups, and business continuity management. This is because these measures help to ensure that systems, data, and services are accessible and functional at all times, even in the event of a disruption or disaster. The other options are not directly related to protecting availability, but rather focus on enhancing confidentiality (A), integrity C, or awareness (D).

Question 3

The second line of defense in cybersecurity includes:

A

conducting organization-wide control self-assessments

B

risk management monitoring, and measurement of controls

C

separate reporting to the audit committee within the organization.

D

performing attack and breach penetration testing.

Correct Answer: B

Explanation:

The second line of defense in cybersecurity includes risk management monitoring, and measurement of controls. This is because the second line of defense is responsible for ensuring that the first line of defense (the operational managers and staff who own and manage risks) is effectively designed and operating as intended. The second line of defense also provides guidance, oversight, and challenge to the first line of defense. The other options are not part of the second line of defense, but rather belong to the first line of defense (A), the third line of defense C, or an external service provider (D).

Demo ISACA Cybersecurity-Audit-Certificate Exam Questions

Which of the following would provide the BEST basis for allocating proportional protection activities when comprehensive classification is not feasible?

Single classification level allocation

Business process re-engineering

Business dependency assessment

Correct Answer: C

Availability can be protected through the use of:

user awarenesstraining and related end-user training

access controls. We permissions, and encryption.

logging, digital signatures, and write protection.

redundancy, backups, and business continuity management

Correct Answer: D

The second line of defense in cybersecurity includes:

conducting organization-wide control self-assessments

risk management monitoring, and measurement of controls

separate reporting to the audit committee within the organization.

performing attack and breach penetration testing.

Correct Answer: B

Demo Practice Mode