ISACA Cybersecurity-Audit-Certificate Exam
ISACA Cybersecurity Audit Certificate (Page 9)

Updated On: 12-Feb-2026

Which of the following is the MOST important step to determine the risks posed to an organization by social media?

  A. Review costs related to the organization's social media outages.
  B. Review cybersecurity insurance requirements for the organization's social media.
  C. Review the disaster recovery strategy for the organization's social media.
  D. Review access control processes for the organization's social media accounts.

Answer(s): D

Explanation:

The MOST important step to determine the risks posed to an organization by social media is to review access control processes for the organization's social media accounts. Access control processes ensure that only authorized users can access, modify, or post from the organization's social media accounts, and they prevent unauthorized or malicious access to, or disclosure of, sensitive or confidential information. They also protect the organization's reputation and brand image from unauthorized or inappropriate posts made from a compromised account. The other options are less important because they address the consequences of an incident rather than the controls that determine how likely one is: outage costs (A), insurance (B), and disaster recovery (C) do not directly address the risks posed by social media itself.



The protection of information from unauthorized access or disclosure is known as:

  A. access control.
  B. cryptography.
  C. media protection.
  D. confidentiality.

Answer(s): D

Explanation:

The protection of information from unauthorized access or disclosure is known as confidentiality. Confidentiality is one of the three main objectives of information security, along with integrity and availability. It ensures that information is accessible and readable only by those who are authorized and intended to see it, and prevents unauthorized or accidental exposure of information to other parties. The other options are not themselves the protection of information from unauthorized access or disclosure, but rather concepts or techniques used to achieve it: access control (A), cryptography (B), and media protection (C) are controls that support confidentiality.



Security awareness training is MOST effective against which type of threat?

  A. Command injection
  B. Denial of service
  C. Social engineering
  D. SQL injection

Answer(s): C

Explanation:

Security awareness training is MOST effective against social engineering threats. This is because social engineering is a type of attack that exploits human psychology and behavior to manipulate or trick users into revealing sensitive or confidential information, or performing actions that compromise security. Security awareness training helps to educate users about the common types and techniques of social engineering attacks, such as phishing, vishing, baiting, etc., and how to recognize and avoid them. Security awareness training also helps to foster a culture of security within the organization and empower users to report any suspicious or malicious activities. The other options are not types of threats that security awareness training is most effective against, but rather types of attacks that exploit technical vulnerabilities or flaws in systems or applications, such as command injection (A), denial of service (B), or SQL injection (D).



A cloud service provider is used to perform analytics on an organization's sensitive data. A data leakage incident occurs in the service provider's network. From a regulatory perspective, who is responsible for the data breach?

  A. The service provider
  B. Dependent upon the nature of the breach
  C. Dependent upon specific regulatory requirements
  D. The organization

Answer(s): D

Explanation:

A cloud service provider is used to perform analytics on an organization's sensitive data, and a data leakage incident occurs in the service provider's network. From a regulatory perspective, the organization is responsible for the data breach. The organization is the data owner and retains ultimate accountability and liability for the security and privacy of its data, regardless of where the data is stored or processed. It cannot transfer or delegate that accountability to the service provider, even where a contract or service level agreement specifies the provider's security obligations. The other options are not correct: the service provider (A) may have contractual obligations to the organization but does not take over the data owner's regulatory accountability, and neither the nature of the breach (B) nor specific regulatory requirements (C) change who is accountable for the data.



One way to control the integrity of digital assets is through the use of:

  A. policies.
  B. frameworks.
  C. caching.
  D. hashing.

Answer(s): D

Explanation:

One way to control the integrity of digital assets is through the use of hashing. Hashing applies a mathematical function to a digital asset, such as a file or a message, and produces a fixed-length value, known as a hash or a digest, that is in practice unique to the input: any change to the asset, even a single bit, yields a different hash. Integrity is verified by computing the hash of the asset at a trusted point in time, recomputing it after transmission or storage, and comparing the two values; a mismatch reveals that the asset was changed. Note that a hash only detects modification if the attacker cannot also replace the stored reference hash, so the reference value must be kept in a trusted location or protected by a keyed mechanism. The other options are not ways to control the integrity of digital assets, but rather other concepts related to information security: policies (A), frameworks (B), and caching (C).
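The hashing integrity check described above, as an added example that is not part of the original page or of any ISACA material. It computes a SHA-256 baseline for an asset, detects a tampered copy, and then goes one step further than the question: it shows why a bare hash is fooled when the attacker can rewrite both the asset and its stored hash, and how a keyed HMAC closes that gap. The sample "configuration file" contents and the integrity key are constructed for the demonstration; in practice the key would come from a secrets store, not from source code.

```python
"""Integrity control with hashing (added example, not from the page).

Compute a SHA-256 digest of an asset at a trusted point in time, re-hash
later and compare. Then show the limit of a bare hash: if an attacker can
rewrite both the asset and the stored hash, the check passes. An HMAC with a
key the attacker lacks detects that case too.
"""
import hashlib
import hmac

# Constructed sample asset standing in for a config file or firmware image.
ORIGINAL_ASSET = b"server_port=443\nallow_admin_from=10.0.0.0/8\n"
# Constructed tampered copy: admin access opened to the whole internet.
TAMPERED_ASSET = b"server_port=443\nallow_admin_from=0.0.0.0/0\n"

# Hypothetical key for the HMAC variant; load from a KMS/HSM in real use.
INTEGRITY_KEY = b"example-key-do-not-use-in-production"


def compute_digest(data: bytes) -> str:
    """SHA-256 digest as lowercase hex; always 64 chars regardless of input size."""
    return hashlib.sha256(data).hexdigest()


def verify_digest(data: bytes, expected_hex: str) -> bool:
    """Re-hash and compare in constant time (no timing leak on the comparison)."""
    return hmac.compare_digest(compute_digest(data), expected_hex)


def compute_tag(data: bytes, key: bytes) -> str:
    """HMAC-SHA256 tag: proves integrity and origin, because it needs the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_tag(data: bytes, key: bytes, expected_hex: str) -> bool:
    return hmac.compare_digest(compute_tag(data, key), expected_hex)


def hash_file_streaming(path: str, chunk_size: int = 1 << 16) -> str:
    """Hash a large file in chunks so it never has to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def demo() -> dict:
    """Run each scenario and return the outcomes so they can be checked."""
    baseline = compute_digest(ORIGINAL_ASSET)
    results = {
        "unchanged_passes": verify_digest(ORIGINAL_ASSET, baseline),
        "tampered_fails": verify_digest(TAMPERED_ASSET, baseline),
        # Attacker rewrites the asset AND the stored hash: a bare hash is fooled.
        "attacker_replaces_hash_passes": verify_digest(
            TAMPERED_ASSET, compute_digest(TAMPERED_ASSET)),
    }
    tag = compute_tag(ORIGINAL_ASSET, INTEGRITY_KEY)
    results["hmac_unchanged_passes"] = verify_tag(ORIGINAL_ASSET, INTEGRITY_KEY, tag)
    results["hmac_tampered_fails"] = verify_tag(TAMPERED_ASSET, INTEGRITY_KEY, tag)
    # Without the key the attacker cannot produce a tag that verifies.
    forged = compute_tag(TAMPERED_ASSET, b"wrong-key")
    results["hmac_forged_tag_fails"] = verify_tag(TAMPERED_ASSET, INTEGRITY_KEY, forged)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The `attacker_replaces_hash_passes` case is the practical point for an auditor: a hash published next to the asset it protects (for example a checksum file in the same download directory) only catches accidental corruption. Either store the reference hash where the attacker cannot reach it, or use a keyed tag or digital signature so that producing a matching value requires a secret the attacker does not have.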


