
ISACA Cybersecurity-Audit-Certificate - ISACA Cybersecurity Audit Certificate Exam Certification Exam

Question #6 (Topic: Demo Questions)

Which of the following provides an early signal of increasing risk exposures for an organization?

A. Key performance indicators
B. Risk management policies and procedures
C. Key risk indicators
D. Capability maturity model integration
Correct Answer: C
Explanation:
Key risk indicators (KRIs) are metrics that can provide an early signal of increasing risk exposures for an organization. KRIs are designed to measure and predict potential losses, and they help in identifying trends that could lead to future risks. They are different from Key Performance Indicators (KPIs), which measure the performance related to the achievement of strategic goals. KRIs, on the other hand, are specifically focused on risk and are used to monitor changes in the level of risk exposure.
References: The information is supported by ISACA’s resources, which state that KRIs with thresholds and corresponding trigger actions can enable companies to gain visibility into risks before they occur. These metrics best position enterprises to deal with substantial cyber risks associated with digital transformation and implementing emerging technologies [1].
Question #7 (Topic: Demo Questions)

Which of the following is an important reason for tracing the access and origin of an intrusion once it has been detected?

A. To create appropriate security awareness content to avoid recurrence
B. To determine the impact of the intrusion event
C. To perform a root cause analysis of the intrusion event
D. To determine and correct any system weaknesses
Correct Answer: C
Explanation:
Tracing the access and origin of an intrusion is crucial for performing a root cause analysis. This process involves identifying the underlying factors that led to the security breach. By understanding how the intrusion happened, organizations can better address the specific vulnerabilities that were exploited and implement more effective security measures to prevent similar incidents in the future.
References: ISACA’s resources on cybersecurity audit emphasize the importance of root cause analysis in the event of an intrusion. It is a key step in the cybersecurity audit process to understand the weaknesses that led to the incident and to improve the overall security posture of the organization [1].
Question #8 (Topic: Demo Questions)

Which of the following is the MAIN purpose of system hardening?

A. To enforce the principle of least privilege
B. To create a security-conscious environment
C. To reduce vulnerability by limiting attack vectors
D. To protect the system from all possible threats
Correct Answer: C
Explanation:
System hardening is a process that involves implementing security measures to reduce the system’s vulnerability. The main purpose of this process is to limit the number of attack vectors that can be exploited by threats. By removing unnecessary programs, closing unused ports, and applying security patches, the system’s attack surface is reduced, making it more difficult for attackers to find vulnerabilities to exploit.
References: The concept of system hardening is covered in ISACA’s resources as a means to protect information assets by addressing threats to information processed, stored, and transported by internetworked information systems [1]. It is a collection of tools and techniques aimed at reducing vulnerability in various areas of an IT system [2].