After finding a vulnerability in an internet-facing server of an organization, a cybersecurity criminal is abl
After finding a vulnerability in an internet-facing server of an organization, a cybersecurity criminal is able to access an encrypted file system and successfully manages to overwrite part of some files with random data. In reference to the Top Threats Analysis methodology, how would you categorize the technical impact of this incident? A. As an […]
Network environments and virtual instances shall be designed and configured to restrict and monitor traffic be
Network environments and virtual instances shall be designed and configured to restrict and monitor traffic between trusted and untrusted connections. These configurations shall be reviewed at least annually, and supported by a documented justification for use for all allowed services, protocols, ports, and by compensating controls. Which of the following controls BEST matches this control […]
Which of the following is the BEST tool to perform cloud security control audits?
Which of the following is the BEST tool to perform cloud security control audits? A. General Data Protection Regulation (GDPR) B. ISO 27001 C. Federal Information Processing Standard (FIPS) 140-2 D. CSA Cloud Control Matrix (CCM) Reference: https://www.isaca.org/resources/news-and-trends/newsletters/atisaca/2021/volume-22/preventing-the-next-cybersecurity-attack-with-effective-cloud-security-audits
In an organization, how are policy violations MOST likely to occur?
In an organization, how are policy violations MOST likely to occur? A. By accident B. Deliberately by the ISP C. Deliberately D. Deliberately by the cloud provider
Due to cloud audit team resource constraints, an audit plan as initially approved cannot be completed.
Due to cloud audit team resource constraints, an audit plan as initially approved cannot be completed. Assuming that the situation is communicated in the cloud audit report which course of action is MOST relevant? A. Focusing on auditing high-risk areas B. Testing the adequacy of cloud controls design C. Relying on management testing of cloud […]
A CSP contracts for a penetration test to be conducted on its infrastructures.
A CSP contracts for a penetration test to be conducted on its infrastructures. The auditor engages the target with no prior knowledge of its defenses, assets, or channels. The CSP’s security operation center is not notified in advance of the scope of the audit and the test vectors. Which mode is selected by the CSP? […]
Changes to which of the following will MOST likely influence the expansion or reduction of controls required t
Changes to which of the following will MOST likely influence the expansion or reduction of controls required to remediate the risk arising from changes to an organization’s SaaS vendor? A. Risk exceptions policy B. Contractual requirements C. Risk appetite D. Board oversight Reference: https://assets.kpmg/content/dam/kpmg/ch/pdf/key-risks-internal-audit-2018.pdf
Which of the following is the unique identifier within and IPSec packet that enables the sending host to refer
Which of the following is the unique identifier within and IPSec packet that enables the sending host to reference the security parameter to apply?
Within IPSEC which of the following defines security parameters which should be applied between communicating
Within IPSEC which of the following defines security parameters which should be applied between communicating parties such as encryption algorithms, key initialization vector, life span of keys, etc?
Which of the following statement correctly describes the difference between IPSec and SSH protocols?
Which of the following statement correctly describes the difference between IPSec and SSH protocols?