Free Cybersecurity-Audit-Certificate Exam Braindumps (page: 5)

Which of the following is the BEST indication of mature third-party vendor risk management for an organization?

  A. The third party's security program follows the organization's security program.
  B. The organization maintains vendor security assessment checklists.
  C. The third party maintains annual assessments of control effectiveness.
  D. The organization's security program follows the third party's security program.

Answer(s): B

Explanation:

The BEST indication of mature third-party vendor risk management for an organization is that the organization maintains vendor security assessment checklists. This is because vendor security assessment checklists help the organization to evaluate and monitor the security posture and performance of its third-party vendors, based on predefined criteria and standards. Vendor security assessment checklists also help the organization to identify and mitigate any gaps or issues in the vendor's security controls or processes. The other options are not as indicative of mature third-party vendor risk management for an organization, because they either involve following or mimicking the security program of the other party without considering the organization's own needs or risks (A, D), or rely on the vendor's self-assessment without independent verification or validation (C).



What is the FIRST phase of the ISACA framework for auditors reviewing cryptographic environments?

  A. Evaluation of implementation details
  B. Hands-on testing
  C. Risk-based shakeout
  D. Inventory and discovery

Answer(s): D

Explanation:

The FIRST phase of the ISACA framework for auditors reviewing cryptographic environments is inventory and discovery. This is because the inventory and discovery phase helps auditors to identify and document the scope, objectives, and approach of the audit, as well as the cryptographic assets, systems, processes, and stakeholders involved in the cryptographic environment. The inventory and discovery phase also helps auditors to assess the maturity and effectiveness of the cryptographic governance and management within the organization. The other phases are not the first phase of the ISACA framework for auditors reviewing cryptographic environments, but rather follow after the inventory and discovery phase: evaluation of implementation details (A), hands-on testing (B), and risk-based shakeout (C).



Which of the following describes specific, mandatory controls or rules to support and comply with a policy?

  A. Frameworks
  B. Guidelines
  C. Baseline
  D. Standards

Answer(s): D

Explanation:

Specific, mandatory controls or rules to support and comply with a policy are known as standards. This is because standards define the minimum level of performance or behavior that is expected from an organization or its employees in order to achieve a policy objective or requirement. Standards also provide clear and measurable criteria for auditing and monitoring compliance with policies. The other options are not specific, mandatory controls or rules to support and comply with a policy, but rather different types of documents or tools that provide guidance or recommendations for implementing policies or controls, such as frameworks (A), guidelines (B), or baselines (C).



Which of the following is the MOST important step to determine the risks posed to an organization by social media?

  A. Review costs related to the organization's social media outages.
  B. Review cybersecurity insurance requirements for the organization's social media.
  C. Review the disaster recovery strategy for the organization's social media.
  D. Review access control processes for the organization's social media accounts.

Answer(s): D

Explanation:

The MOST important step to determine the risks posed to an organization by social media is to review access control processes for the organization's social media accounts. This is because access control processes help to ensure that only authorized users can access, modify, or share the organization's social media accounts and content, and prevent unauthorized or malicious access to, or disclosure of, sensitive or confidential information. Access control processes also help to protect the organization's reputation and brand image from being compromised or damaged by unauthorized or inappropriate social media posts. The other options are not as important as reviewing access control processes for the organization's social media accounts, because they relate to costs (A), insurance (B), or recovery (C), aspects that are not directly related to the risks posed by social media.
