ISACA Cybersecurity-Audit-Certificate - ISACA Cybersecurity Audit Certificate Exam Certification Exam
Question #6 (Topic: Demo Questions)
Which of the following provides an early signal of increasing risk exposures for an organization?
Correct Answer: C
Explanation:
Key risk indicators (KRIs) are metrics that can provide an early signal of increasing risk exposures for an organization. KRIs are designed to measure and predict potential losses, and they help in identifying trends that could lead to future risks. They are different from Key Performance Indicators (KPIs), which measure the performance related to the achievement of strategic goals. KRIs, on the other hand, are specifically focused on risk and are used to monitor changes in the level of risk exposure.
References: The information is supported by ISACA’s resources, which state that KRIs with thresholds and corresponding trigger actions can enable companies to gain visibility into risks before they occur. These metrics best position enterprises to deal with substantial cyber risks associated with digital transformation and implementing emerging technologies 1.
Question #7 (Topic: Demo Questions)
Which of the following is an important reason for tracing the access and origin of an intrusion once it has been detected?
Correct Answer: C
Explanation:
Tracing the access and origin of an intrusion is crucial for performing a root cause analysis. This process involves identifying the underlying factors that led to the security breach. By understanding how the intrusion happened, organizations can better address the specific vulnerabilities that were exploited and implement more effective security measures to prevent similar incidents in the future.
References: ISACA’s resources on cybersecurity audit emphasize the importance of root cause analysis in the event of an intrusion. It is a key step in the cybersecurity audit process to understand the weaknesses that led to the incident and to improve the overall security posture of the organization 1.
Question #8 (Topic: Demo Questions)
Which of the following is the MAIN purpose of system hardening?
Correct Answer: C
Explanation:
System hardening is a process that involves implementing security measures to reduce the system’s vulnerability. The main purpose of this process is to limit the number of attack vectors that can be exploited by threats. By removing unnecessary programs, closing unused ports, and applying security patches, the system’s attack surface is reduced, making it more difficult for attackers to find vulnerabilities to exploit.