Free Cybersecurity-Audit-Certificate Practice Test (Page 4 ) & Exam Questions

QUESTION: 11

Which of the following is a client-server program that opens a secure, encrypted command-line shell session from the Internet for remote logon?

VPN
IPsec
SSH
SFTP

Answer(s): C

Explanation:

The correct answer is C. SSH.

SSH stands for Secure Shell, a client-server program that opens a secure, encrypted command-line shell session from the Internet for remote logon. SSH allows users to remotely access and execute commands on a server without exposing their credentials or data to eavesdropping, tampering or replay attacks. SSH also supports secure file transfer protocols such as SFTP and SCP1.

VPN stands for Virtual Private Network, a technology that creates a secure, encrypted tunnel between two or more devices over a public network such as the Internet. VPN allows users to access resources on a remote network as if they were physically connected to it, while protecting their privacy and identity2.

IPsec stands for Internet Protocol Security, a set of protocols that provides security at the network layer of the Internet. IPsec supports two modes: transport mode and tunnel mode. Transport mode encrypts only the payload of each packet, while tunnel mode encrypts the entire packet, including the header. IPsec can be used to secure VPN connections, as well as other applications that require data confidentiality, integrity and authentication3.

SFTP stands for Secure File Transfer Protocol, a protocol that uses SSH to securely transfer files between a client and a server over a network. SFTP provides encryption, authentication and compression features to ensure the security and reliability of file transfers.

1: SSH (Secure Shell) 2: What is a VPN? How It Works, Types of VPN | Kaspersky 3: IPsec - Wikipedia :
[SFTP - Wikipedia]

Show Answer Next Question

QUESTION: 12

What is the FIRST phase of the ISACA framework for auditors reviewing cryptographic environments?

Evaluation of implementation details
Hands-on testing
Risk-based shakeout
Inventory and discovery

Answer(s): D

Explanation:

The FIRST phase of the ISACA framework for auditors reviewing cryptographic environments is inventory and discovery. This is because the inventory and discovery phase helps auditors to identify and document the scope, objectives, and approach of the audit, as well as the cryptographic assets, systems, processes, and stakeholders involved in the cryptographic environment. The inventory and discovery phase also helps auditors to assess the maturity and effectiveness of the cryptographic governance and management within the organization. The other phases are not the first phase of the ISACA framework for auditors reviewing cryptographic environments, but rather follow after the inventory and discovery phase, such as evaluation of implementation details (A), hands-on testing (B), or risk-based shakeout C.

Show Answer Next Question

QUESTION: 13

Which of the following is the BEST indication of mature third-party vendor risk management for an organization?

The third party's security program Mows the organization s security program.
The organization maintains vendor security assessment checklists.
The third party maintains annual assessments of control effectiveness.
The organization's security program follows the thud party's security program.

Answer(s): B

Explanation:

The BEST indication of mature third-party vendor risk management for an organization is that the organization maintains vendor security assessment checklists. This is because vendor security assessment checklists help the organization to evaluate and monitor the security posture and performance of their third-party vendors, based on predefined criteria and standards. Vendor security assessment checklists also help the organization to identify and mitigate any gaps or issues in the vendor's security controls or processes. The other options are not as indicative of mature third-party vendor risk management for an organization, because they either involve following or mimicking the security program of either party without considering their own needs or risks (A, D), or relying on the vendor's self-assessment without independent verification or validation C.

Show Answer Next Question

QUESTION: 14

What is the FIRST phase of the ISACA framework for auditors reviewing cryptographic environments?

Evaluation of implementation details
Hands-on testing
Risk-based shakeout
Inventory and discovery

Answer(s): D

Explanation:

Show Answer Next Question

QUESTION: 15

Which of the following describes specific, mandatory controls or rules to support and comply with a policy?

Frameworks
Guidelines
Basedine
Standards

Answer(s): D

Explanation:

Specific, mandatory controls or rules to support and comply with a policy are known as standards. This is because standards define the minimum level of performance or behavior that is expected from an organization or its employees in order to achieve a policy objective or requirement. Standards also provide clear and measurable criteria for auditing and monitoring compliance with policies. The other options are not specific, mandatory controls or rules to support and comply with a policy, but rather different types of documents or tools that provide guidance or recommendations for implementing policies or controls, such as frameworks (A), guidelines (B), or baselines C.

Show Answer Next Question

ISACA Cybersecurity-Audit-Certificate Exam
ISACA Cybersecurity Audit Certificate (Page 4 )

QUESTION: 11

Explanation:

QUESTION: 12

Explanation:

QUESTION: 13

Explanation:

QUESTION: 14

Explanation:

QUESTION: 15

Explanation:

Join the Cybersecurity-Audit-Certificate Discussion

ISACA Cybersecurity-Audit-Certificate Exam ISACA Cybersecurity Audit Certificate (Page 4 )

QUESTION: 11

Explanation:

QUESTION: 12

Explanation:

QUESTION: 13

Explanation:

QUESTION: 14

Explanation:

QUESTION: 15

Explanation:

Join the Cybersecurity-Audit-Certificate Discussion

ISACA Cybersecurity-Audit-Certificate Exam
ISACA Cybersecurity Audit Certificate (Page 4 )