UPDATED Exam Questions and CORRECT Answers
Cybersecurity - CORRECT ANSWER the "preservation of confidentiality, integrity and
availability of information in the Cyberspace"
Cyberspace - CORRECT ANSWER the complex environment resulting from the interaction
of people, software and services on the Internet by means of technology devices and networks
connected to it, which does not exist in any physical form
NIST Cybersecurity Framework - CORRECT ANSWER Identify—Use organizational
understanding to minimize risk to systems, assets, data and capabilities.
Protect—Design safeguards to limit the impact of potential events on critical services and
infrastructure.
Detect—Implement activities to identify the occurrence of a cybersecurity event.
Respond—Take appropriate action after learning of a security event.
Recover—Plan for resilience and the timely repair of compromised capabilities and services.
Lines of Defense - CORRECT ANSWER The first line is ownership, implementation and
execution.
The second line is risk management, including monitoring/measurement.
The third line is independent testing and assurance.
The objectives of a cybersecurity audit are to: - CORRECT ANSWER Provide management
with an independent assessment of the effectiveness of cybersecurity processes, policies,
procedures, governance and other controls
Identify security control concerns that could affect the confidentiality, integrity or availability of
the information assets due to weaknesses and vulnerabilities in the system of internal controls,
including key security controls
Evaluate the effectiveness of response and recovery programs
Evaluate compliance with cybersecurity relevant laws and regulations
Governance - CORRECT ANSWER the responsibility of the board of directors and senior
management of the enterprise.
Goals of a governance program - CORRECT ANSWER • Provide strategic direction
• Ensure that objectives are achieved
• Ascertain whether risk is being managed appropriately
• Verify that the enterprise's resources are being used responsibly
Risk Management - CORRECT ANSWER involves the coordination of activities that direct
and control an enterprise regarding risk. Requires the development and implementation of
internal controls to manage and mitigate risk throughout the enterprise, including financial,
operational, reputational, investment, physical security and cybersecurity risk.
Compliance - CORRECT ANSWER involves not only adhering to mandated requirements
defined by laws and regulations, but also demonstrating that adherence. Often extends to
voluntary requirements resulting from contractual obligations and internal policies.