Free Cybersecurity-Audit-Certificate Exam Braindumps (page: 6)


The protection of information from unauthorized access or disclosure is known as:

  A. access control.
  B. cryptography.
  C. media protection.
  D. confidentiality.

Answer(s): D

Explanation:

The protection of information from unauthorized access or disclosure is known as confidentiality. This is because confidentiality is one of the three main objectives of information security, along with integrity and availability. Confidentiality ensures that information is accessible and readable only by those who are authorized and intended to do so, and prevents unauthorized or accidental exposure of information to unauthorized parties. The other options are not the protection of information from unauthorized access or disclosure, but rather different concepts or techniques that are related to information security, such as access control (A), cryptography (B), or media protection (C).



Security awareness training is MOST effective against which type of threat?

  A. Command injection
  B. Denial of service
  C. Social engineering
  D. Social injection

Answer(s): C

Explanation:

Security awareness training is MOST effective against social engineering threats. This is because social engineering is a type of attack that exploits human psychology and behavior to manipulate or trick users into revealing sensitive or confidential information, or performing actions that compromise security. Security awareness training helps to educate users about the common types and techniques of social engineering attacks, such as phishing, vishing, baiting, etc., and how to recognize and avoid them. Security awareness training also helps to foster a culture of security within the organization and empower users to report any suspicious or malicious activities. The other options are not types of threats that security awareness training is most effective against, but rather types of attacks that exploit technical vulnerabilities or flaws in systems or applications, such as command injection (A), denial of service (B), or SQL injection (D).



A cloud service provider is used to perform analytics on an organization's sensitive data. A data leakage incident occurs in the service provider's network. From a regulatory perspective, who is responsible for the data breach?

  A. The service provider
  B. Dependent upon the nature of breach
  C. Dependent upon specific regulatory requirements
  D. The organization

Answer(s): D

Explanation:

A cloud service provider is used to perform analytics on an organization's sensitive data. A data leakage incident occurs in the service provider's network. From a regulatory perspective, the organization is responsible for the data breach. This is because the organization is the data owner and has the ultimate accountability and liability for the security and privacy of its data, regardless of where it is stored or processed. The organization cannot transfer or delegate its responsibility to the service provider, even if there is a contractual agreement or service level agreement that specifies the security obligations of the service provider. The other options are not correct, because they either imply that the service provider is responsible (A), or that the responsibility depends on the nature of breach (B) or specific regulatory requirements (C), which are not relevant factors.



One way to control the integrity of digital assets is through the use of:

  A. policies.
  B. frameworks.
  C. caching.
  D. hashing.

Answer(s): D

Explanation:

One way to control the integrity of digital assets is through the use of hashing. This is because hashing is a technique that applies a mathematical function to a digital asset, such as a file or a message, and produces a unique and fixed-length value, known as a hash or a digest. Hashing helps to verify the integrity of digital assets, by comparing the hash values before and after transmission or storage, and detecting any changes or modifications to the original asset. The other options are not ways to control the integrity of digital assets, but rather different concepts or techniques that are related to information security, such as policies (A), frameworks (B), or caching (C).





