CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. ISACA
  5. Cybersecurity-Audit-Certificate

Free Cybersecurity-Audit-Certificate Exam Braindumps (page: 4)

Page 3 of 35
PDF with 134 Questions

Which of the following presents the GREATEST challenge to information risk management when outsourcing IT function to a third party?

  1. It is difficult to know the applicable regulatory requirements when data is located on another country.
  2. Providers may be reluctant to share technical delays on the extent of their information protection mechanisms.
  3. Providers may be restricted from providing detailed ^formation on their employees.
  4. It is difficult to determine vendor financial viability to assess their potential inability to meet contract requirements.

Answer(s): B

Explanation:

The GREATEST challenge to information risk management when outsourcing IT function to a third party is that providers may be reluctant to share technical details on the extent of their information protection mechanisms. This is because providers may consider their information protection mechanisms as proprietary or confidential, or may not want to reveal their weaknesses or vulnerabilities. This makes it difficult for the outsourcing organization to assess the level of security and compliance of the provider, and to monitor and audit their performance. The other options are not as challenging as providers being reluctant to share technical details, because they either involve legal or contractual aspects that can be clarified or negotiated before outsourcing (A, D), or human resource aspects that can be verified or validated by the provider C.



The GREATEST advantage of using a common vulnerability scoring system is that it helps with:

  1. risk aggregation.
  2. risk prioritization.
  3. risk elimination.
  4. risk quantification

Answer(s): B

Explanation:

The GREATEST advantage of using a common vulnerability scoring system is that it helps with risk prioritization. This is because a common vulnerability scoring system provides a standardized and consistent way of measuring and comparing the severity of vulnerabilities, based on their impact and exploitability. This allows organizations to prioritize the remediation of the most critical vulnerabilities and allocate resources accordingly. The other options are not as advantageous as using a common vulnerability scoring system, because they either involve aggregating (A), eliminating C, or quantifying (D) risk, which are not directly related to the scoring system.



Which of the following is a client-server program that opens a secure, encrypted command-line shell session from the Internet for remote logon?

  1. VPN
  2. IPsec
  3. SSH
  4. SFTP

Answer(s): C

Explanation:

The correct answer is C. SSH.

SSH stands for Secure Shell, a client-server program that opens a secure, encrypted command-line shell session from the Internet for remote logon. SSH allows users to remotely access and execute commands on a server without exposing their credentials or data to eavesdropping, tampering or replay attacks. SSH also supports secure file transfer protocols such as SFTP and SCP1.

VPN stands for Virtual Private Network, a technology that creates a secure, encrypted tunnel between two or more devices over a public network such as the Internet. VPN allows users to access resources on a remote network as if they were physically connected to it, while protecting their privacy and identity2.

IPsec stands for Internet Protocol Security, a set of protocols that provides security at the network layer of the Internet. IPsec supports two modes: transport mode and tunnel mode. Transport mode encrypts only the payload of each packet, while tunnel mode encrypts the entire packet, including the header. IPsec can be used to secure VPN connections, as well as other applications that require data confidentiality, integrity and authentication3.

SFTP stands for Secure File Transfer Protocol, a protocol that uses SSH to securely transfer files between a client and a server over a network. SFTP provides encryption, authentication and compression features to ensure the security and reliability of file transfers.

1: SSH (Secure Shell) 2: What is a VPN? How It Works, Types of VPN | Kaspersky 3: IPsec - Wikipedia :
[SFTP - Wikipedia]



What is the FIRST phase of the ISACA framework for auditors reviewing cryptographic environments?

  1. Evaluation of implementation details
  2. Hands-on testing
  3. Risk-based shakeout
  4. Inventory and discovery

Answer(s): D

Explanation:

The FIRST phase of the ISACA framework for auditors reviewing cryptographic environments is inventory and discovery. This is because the inventory and discovery phase helps auditors to identify and document the scope, objectives, and approach of the audit, as well as the cryptographic assets, systems, processes, and stakeholders involved in the cryptographic environment. The inventory and discovery phase also helps auditors to assess the maturity and effectiveness of the cryptographic governance and management within the organization. The other phases are not the first phase of the ISACA framework for auditors reviewing cryptographic environments, but rather follow after the inventory and discovery phase, such as evaluation of implementation details (A), hands-on testing (B), or risk-based shakeout C.






Post your Comments and Discuss ISACA Cybersecurity-Audit-Certificate exam with other Community members: