
NEW QUESTION # 45
Which of the following is a passive activity that could be used by an attacker during reconnaissance to gather information about an organization?
- A. Scanning the network perimeter
- B. Crafting counterfeit websites
- C. Using open source discovery
- D. Social engineering
Answer: C
Explanation:
Open source discovery is the passive activity. It collects and analyzes publicly available information about an organization, such as its website, social media, press releases and annual reports, without any direct interaction with the target organization or its systems or network, so it generates no traffic or alerts that the organization's security controls could detect. The other options are active reconnaissance activities that involve direct or indirect interaction with the target organization or its systems: scanning the network perimeter (A), crafting counterfeit websites (B) and social engineering (D).
NEW QUESTION # 46
What would be an IS auditor's BEST response to an IT manager's statement that the risk associated with the use of mobile devices in an organizational setting is the same as for any other device?
- A. The risk associated with mobile devices is less than that of other devices and systems.
- B. The ability to wipe mobile devices and disable connectivity adequately mitigates additional
- C. Replication of privileged access and the greater likelihood of physical loss increases risk levels.
- D. The risk associated with mobile devices cannot be mitigated with similar controls for workstations.
Answer: C
Explanation:
The BEST response to an IT manager's statement that the risk associated with the use of mobile devices in an organizational setting is the same as for any other device is that replication of privileged access and the greater likelihood of physical loss increases risk levels. Mobile devices pose unique risks to an organization due to their portability, connectivity, and functionality. Mobile devices may store or access sensitive data or systems that require privileged access, which can be compromised if the device is lost, stolen, or hacked. Mobile devices also have a higher chance of being misplaced or taken by unauthorized parties than other devices.
NEW QUESTION # 47
A cloud service provider is used to perform analytics on an organization's sensitive data. A data leakage incident occurs in the service provider's network. From a regulatory perspective, who is responsible for the data breach?
- A. Dependent upon specific regulatory requirements
- B. The service provider
- C. The organization
- D. Dependent upon the nature of breach
Answer: C
Explanation:
From a regulatory perspective, the organization is responsible for the data breach. The organization is the data owner and retains ultimate accountability and liability for the security and privacy of its data, regardless of where it is stored or processed. It cannot transfer or delegate that responsibility to the service provider, even where a contract or service level agreement specifies the provider's security obligations. The other options are incorrect because they either place responsibility on the service provider (B) or make it depend on the nature of the breach (D) or on specific regulatory requirements (A), which are not the relevant factors.
NEW QUESTION # 48
Which of the following cloud characteristics refers to resource utilization that can be optimized by leveraging charge-per-use capabilities?
- A. Measured service
- B. On demand self-service
- C. Elasticity
- D. Resource pooling
Answer: A
Explanation:
Measured service is the cloud characteristic that refers to resource utilization optimized through charge-per-use capabilities. Measured service means the provider monitors, controls and reports on the usage and consumption of cloud resources, so consumers pay only for the resources they actually use rather than for fixed or predetermined amounts. The other options describe different characteristics of cloud computing: on demand self-service (B), elasticity (C) and resource pooling (D).
NEW QUESTION # 49
One way to control the integrity of digital assets is through the use of:
- A. frameworks.
- B. hashing.
- C. caching.
- D. policies.
Answer: B
Explanation:
Hashing is one way to control the integrity of digital assets. A hash function applies a mathematical function to a digital asset, such as a file or a message, and produces a fixed-length value, known as a hash or digest, that is for practical purposes unique to its input. Comparing the hash values before and after transmission or storage detects any change or modification to the original asset. The other options are related information security concepts but not integrity controls: frameworks (A), caching (C) and policies (D).
NEW QUESTION # 50
Which of the following presents the GREATEST challenge to information risk management when outsourcing an IT function to a third party?
- A. It is difficult to know the applicable regulatory requirements when data is located in another country.
- B. Providers may be reluctant to share technical details on the extent of their information protection mechanisms.
- C. It is difficult to determine vendor financial viability to assess their potential inability to meet contract requirements.
- D. Providers may be restricted from providing detailed information on their employees.
Answer: B
Explanation:
The GREATEST challenge is that providers may be reluctant to share technical details on the extent of their information protection mechanisms. Providers may consider these mechanisms proprietary or confidential, or may not want to reveal their weaknesses or vulnerabilities, which makes it difficult for the outsourcing organization to assess the provider's level of security and compliance and to monitor and audit its performance. The other options are less challenging because they involve legal or contractual aspects that can be clarified or negotiated before outsourcing (A, C), or human resource aspects that can be verified or validated by the provider (D).
NEW QUESTION # 51
When reviewing user management roles, which of the following groups presents the GREATEST risk based on their permissions?
- A. Database administrators
- B. Terminated employees
- C. Contractors
- D. Privileged users
Answer: D
Explanation:
Privileged users present the GREATEST risk based on their permissions. Privileged users hold elevated or special access rights to systems or resources, such as administrators, superusers and root accounts, and can perform actions that affect the security, availability or functionality of those systems: installing or uninstalling software, modifying or deleting files, granting or revoking access rights, and so on. They can also abuse or misuse these permissions for malicious or unauthorized purposes, such as stealing or leaking sensitive data, sabotaging systems or services, or bypassing security controls. The other options are types of users that may hold different levels of access rights, but whose permissions as a group do not present the greatest risk: database administrators (A), terminated employees (B) and contractors (C).
NEW QUESTION # 52
The MOST significant limitation of vulnerability scanning is the fact that modern scanners only detect:
- A. common vulnerabilities.
- B. known vulnerabilities.
- C. unknown vulnerabilities.
- D. zero-day vulnerabilities.
Answer: B
Explanation:
The MOST significant limitation of vulnerability scanning is that modern scanners only detect known vulnerabilities. Scanners rely on databases or repositories of known vulnerabilities, such as CVE (Common Vulnerabilities and Exposures), to identify weaknesses or flaws in systems and applications. They cannot detect unknown vulnerabilities, including zero-day vulnerabilities that have not yet been reported or disclosed and may be exploited by attackers before a patch exists. The other options, common (A), unknown (C) and zero-day (D) vulnerabilities, do not describe the actual capabilities or limitations of modern scanners.
NEW QUESTION # 53
Which of the following is MOST important to ensure the successful implementation of continuous auditing?
- A. Budget for additional technical resources
- B. Top management support
- C. Budget for additional storage hardware
- D. Surplus processing capacity
Answer: B
Explanation:
Top management support is the MOST important factor for the successful implementation of continuous auditing. It provides the vision, direction and resources for implementing continuous auditing, helps overcome resistance and challenges such as cultural change, stakeholder buy-in and process reengineering, and ensures that the results and findings of continuous auditing are communicated to and acted upon by the relevant decision-makers and stakeholders. The other options are resources that support continuous auditing but are not more important than top management support: technical resources (A), storage hardware (C) and processing capacity (D).
NEW QUESTION # 54
Which of the following features of continuous auditing provides the BEST level of assurance over traditional sampling?
- A. Continuous auditing tools are less complex for auditors to manage.
- B. Automated tools provide more reliability than an auditor's personal judgment.
- C. Reports can be generated more frequently for management.
- D. Voluminous data can be analyzed at a high speed to show relevant patterns.
Answer: D
Explanation:
The feature that provides the BEST level of assurance over traditional sampling is that voluminous data can be analyzed at high speed to show relevant patterns. Continuous auditing uses automated tools and processes to perform audit activities on a continuous or near-real-time basis and to analyze large amounts of data from various sources and systems. It gives a higher level of assurance than traditional sampling because it covers the entire population of transactions or events rather than a subset or sample, and identifies trends, anomalies or exceptions that may indicate risks or issues. The other options are benefits of continuous auditing rather than the source of its assurance: lower complexity (A), reliability (B) and reporting frequency (C).
NEW QUESTION # 55
What is the MAIN consideration when storing backup files?
- A. Utilizing solid state device (SSD) media for quick recovery
- B. Storing backup files on public cloud storage
- C. Storing copies on-site for ease of access during incident response
- D. Protecting the off-site data backup copies from unauthorized access
Answer: D
Explanation:
The MAIN consideration when storing backup files is protecting the off-site data backup copies from unauthorized access. This protects the confidentiality and integrity of the backup data, prevents unauthorized or malicious disclosure, modification or deletion of it, and supports compliance with any regulatory or contractual requirements that apply to the backup data. The other options are factors that affect the backup process but are not the main consideration: using solid state device (SSD) media (A), storing backup files on public cloud storage (B) and storing copies on-site (C).
NEW QUESTION # 56
Which of the following contains the essential elements of effective processes and describes an improvement path considering quality and effectiveness?
- A. Balanced scorecard
- B. COBIT 5
- C. ISO 27004:2009
- D. Capability maturity model integration
Answer: D
Explanation:
Capability Maturity Model Integration (CMMI) contains the essential elements of effective processes and describes an improvement path considering quality and effectiveness. CMMI defines five levels of process maturity, from initial to optimized, and provides best practices and guidelines for improving the quality and effectiveness of processes across domains such as software development, service delivery and cybersecurity. The other options are documents or tools that provide guidance or recommendations for implementing policies or controls, not process maturity models: Balanced Scorecard (A), COBIT 5 (B) and ISO 27004:2009 (C).
NEW QUESTION # 57
What is the PRIMARY purpose of creating a security architecture?
- A. To provide senior management a measure of information security maturity
- B. To map out how security controls interact with an organization's systems
- C. To create a long-term information security strategy
- D. To visually show gaps in information security controls
Answer: C
Explanation:
The PRIMARY purpose of creating a security architecture is to create a long-term information security strategy that aligns with the organization's business goals and objectives. A security architecture defines the vision, principles, standards, policies, and guidelines for how security will be implemented and managed across the organization's systems, networks, and data.
NEW QUESTION # 58
Which of the following is a feature of a stateful inspection firewall?
- A. It tracks the destination IP address of each packet that leaves the organization's internal network.
- B. It prevents any attack initiated and originated by an insider.
- C. It translates the MAC address to the destination IP address of each packet that enters the organization's internal network.
- D. It is capable of detecting and blocking sophisticated attacks.
Answer: D
Explanation:
A feature of a stateful inspection firewall is that it is capable of detecting and blocking sophisticated attacks. A stateful inspection firewall is a type of firewall that monitors and analyzes the state and context of network traffic. It keeps track of the source, destination, protocol, port, and session information of each packet and compares it with a set of predefined rules. A stateful inspection firewall can detect and block attacks that exploit the logic or behavior of network protocols or applications, such as fragmentation attacks, session hijacking, or application-layer attacks.
NEW QUESTION # 59
Which of the following BEST characterizes security mechanisms for mobile devices?
- A. Easy to control through mobile device management
- B. Comparatively weak relative to workstations
- C. Configurable and reliable across device types
- D. Inadequate for organizational use
Answer: A
Explanation:
Security mechanisms for mobile devices are BEST characterized as easy to control through mobile device management (MDM). MDM lets organizations centrally manage and secure mobile devices, such as smartphones, tablets and laptops, used by their employees or customers, enforcing security policies, configuring settings, installing applications, monitoring usage and wiping data remotely and efficiently. The other options describe factors that affect mobile security mechanisms rather than their best characterization: weakness relative to workstations (B), reliability across device types (C) and inadequacy for organizational use (D).
NEW QUESTION # 60
While risk is measured by potential activity, which of the following describes the actual occurrence of a threat?
- A. Payload
- B. Vulnerability
- C. Attack
- D. Target
Answer: C
Explanation:
An attack is the actual occurrence of a threat, which is a potential activity that could harm an asset. An attack is the result of a threat actor exploiting a vulnerability in a system or network to achieve a malicious objective.
For example, a denial-of-service attack is the occurrence of a threat that aims to disrupt the availability of a service.
NEW QUESTION # 61
Which of the following is an objective of public key infrastructure (PKI)?
- A. Independently authenticating the validity of the sender's public key
- B. Approving the algorithm to be used during data transmission
- C. Securely distributing secret keys to the communicating parties
- D. Creating the private-public key pair for secure communications
Answer: A
Explanation:
An objective of public key infrastructure (PKI) is to independently authenticate the validity of the sender's public key. PKI is a system that uses cryptographic keys to secure communications and transactions. PKI involves a trusted third party called a certificate authority (CA) that issues digital certificates that link a public key with an identity. The recipient can use the CA's public key to verify the sender's certificate and public key.