ISACA CYBERSECURITY AUDIT CERTIFICATE Exam Questions

Questions for the CYBERSECURITY AUDIT CERTIFICATE were updated on: Dec 01, 2025

Page 1 out of 9. Viewing questions 1-15 out of 134

Question 1

What should be an IS auditor's GREATEST concern when an organization's virtual private network
(VPN) is implemented on employees' personal mobile devices?

  • A. Users may access services over the VPN that are network resource intensive.
  • B. Users may store the data in plain text on their mobile devices.
  • C. Users may access the corporate network from unauthorized devices.
  • D. Users may access services not supported by the VPN.
Answer:

B

Explanation:
When employees use personal mobile devices to access a VPN, the greatest concern for an IS auditor
is the potential for sensitive data to be stored in an unsecured manner. If data is stored in plain text,
it could be easily accessed by unauthorized parties if the device is lost, stolen, or compromised. This
risk is heightened when the devices are not managed by the organization’s IT department, which
would typically enforce security policies such as encryption.
Reference: ISACA’s resources on securing mobile devices and VPN technology assurance emphasize
the importance of implementing strong security controls to protect sensitive data on mobile
devices. This includes ensuring that data is not stored in plain text and is instead encrypted to
prevent unauthorized access. The use of mobile device management (MDM) software is also
advocated to remotely manage and secure mobile devices used for corporate access.

Question 2

Which of the following describes a system that enforces a boundary between two or more networks,
typically forming a barrier between a secure and an open environment such as the Internet?

  • A. Intrusion detection system (IDS)
  • B. Intrusion prevention system (IPS)
  • C. Firewall
  • D. Router
Answer:

C

Explanation:
A firewall is a network security device that monitors and controls incoming and outgoing network
traffic based on predetermined security rules. It establishes a barrier between a secure internal
network and an untrusted external network, such as the internet. This system is designed to prevent
unauthorized access to or from private networks and is a fundamental piece of a comprehensive
security framework for any organization.
Reference: The concept of a firewall as a system that enforces a boundary between networks is
well-established in cybersecurity literature. It is recognized as a critical component for
protecting network resources by filtering traffic and blocking unauthorized access while allowing
legitimate communication to pass.

Question 3

Which type of firewall blocks many types of attacks, such as cross-site scripting (XSS) and structured
query language (SQL) injection?

  • A. Intrusion detection
  • B. Stateful inspection
  • C. Host-based
  • D. Web application
Answer:

D

Explanation:
A web application firewall (WAF) is specifically designed to monitor, filter, and block HTTP traffic to
and from a web application. It is different from other types of firewalls because it can filter the
content of specific web applications. By inspecting HTTP traffic, a WAF can prevent attacks stemming
from web application security flaws, such as SQL injection and cross-site scripting (XSS), file inclusion,
and security misconfigurations.
Reference: The use of WAFs to block XSS and SQL injection attacks is well-documented in
cybersecurity literature. They are recognized for their ability to perform a detailed inspection of
HTTP traffic, applying rules to an HTTP conversation to cover a wide range of security issues,
including XSS and SQL injection, which are not typically covered by other firewall types.

Question 4

Which of the following is a team created PRIMARILY to improve the security posture of an
organization?

  • A. Computer emergency response team (CERT)
  • B. Security operations center (SOC) team
  • C. Disaster recovery team
  • D. Risk management team
Answer:

B

Explanation:
The primary purpose of a Security Operations Center (SOC) team is to continuously monitor and
improve an organization’s security posture. They are responsible for the detection, analysis, and
response to cybersecurity incidents, using a combination of technology solutions and a strong set of
processes.
Reference: ISACA’s resources highlight the role of SOC teams in enhancing the security measures of
an organization. They are integral to the proactive defense against cyber threats and play a key
role in the strategic planning of security measures.

Question 5

Which of the following is a known potential risk of using a software defined perimeter (SDP)
controller?

  • A. Unauthorized access may jeopardize data confidentiality, integrity, or availability.
  • B. Operations may be adversely affected if data cannot be recovered and restored timely.
  • C. Unauthorized use of valid credentials may compromise encrypted data at rest.
  • D. An ineffective firewall may fail to identify and block unwanted network traffic.
Answer:

A

Explanation:
One of the known potential risks of using a Software Defined Perimeter (SDP) controller is
unauthorized access, which can jeopardize the confidentiality, integrity, or availability of data. SDP
controllers work by creating a boundary around network resources, but if an unauthorized user gains
access, perhaps through stolen credentials or exploitation of a vulnerability, they could potentially
access sensitive data or disrupt services.
Reference: The information provided here is based on standard cybersecurity practices and
principles, which are likely to be consistent with those found in ISACA’s Cybersecurity Audit
resources. For specific references, please consult the ISACA Cybersecurity Audit Manual or related
study guides.

Question 6

Which of the following describes computing capabilities that are available over the network and can
be accessed by diverse client platforms?

  • A. Resource pooling
  • B. Shared network access
  • C. Private network access
  • D. Broad network access
Answer:

D

Explanation:
Broad network access refers to the computing capabilities that are available over a network and can
be accessed by diverse client platforms, such as personal computers, mobile phones, and tablets.
This characteristic is one of the essential features of cloud computing, which allows users to access
services using a variety of devices through standard mechanisms.
Reference: The concept of broad network access is integral to the understanding of cloud services
and is often discussed in cybersecurity resources, including those provided by ISACA, which
emphasize the importance of securing access to these services across different platforms.

Question 7

In the context of network communications, what are the two types of attack vectors?

  • A. Ingress and egress
  • B. Physical theft and loss
  • C. Insider and privilege misuse
  • D. Malware and phishing
Answer:

A

Explanation:
In the context of network communications, the two types of attack vectors are ingress and egress.
Ingress refers to the unauthorized entry or access to a network, which can include various forms of
cyberattacks aimed at penetrating network defenses. Egress, on the other hand, involves the
unauthorized transmission of data out of a network, often as part of data exfiltration efforts by
attackers.
Reference: The ISACA Cybersecurity Fundamentals Glossary defines attack vectors in network
communications as ingress and egress, which align with the options provided in the question.

Question 8

Which of the following provides additional protection other than encryption to messages transmitted
using portable wireless devices?

  • A. Endpoint protection
  • B. Intrusion detection system (IDS)
  • C. Virtual private network (VPN)
  • D. Intrusion prevention system (IPS)
Answer:

C

Explanation:
A Virtual Private Network (VPN) provides additional protection to messages transmitted using
portable wireless devices by creating a secure and encrypted tunnel for data transmission. This helps
protect the data from being intercepted or accessed by unauthorized entities. While encryption
secures the content of the messages, a VPN secures the transmission path, adding an extra layer of
security.
Reference: The use of VPNs for enhancing the security of mobile devices is discussed in ISACA’s
resources. VPNs are recommended as a measure to protect data in transit, especially when using
public or unsecured networks, which is a common scenario for portable wireless devices.

Question 9

Which of the following is an important reason for tracing the access and origin of an intrusion once it
has been detected?

  • A. To create appropriate security awareness content to avoid recurrence
  • B. To determine the impact of the intrusion event
  • C. To perform a root cause analysis of the intrusion event
  • D. To determine and correct any system weaknesses
Answer:

C

Explanation:
Tracing the access and origin of an intrusion is crucial for performing a root cause analysis. This
process involves identifying the underlying factors that led to the security breach. By understanding
how the intrusion happened, organizations can better address the specific vulnerabilities that were
exploited and implement more effective security measures to prevent similar incidents in the future.
Reference: ISACA’s resources on cybersecurity audit emphasize the importance of root cause analysis
in the event of an intrusion. It is a key step in the cybersecurity audit process to understand the
weaknesses that led to the incident and to improve the overall security posture of the organization.

Question 10

Which of the following is the MAIN reason why domain name system (DNS) data exfiltration is a
significant threat to mobile computing?

  • A. It is simple to inject malformed code to compromise data processing.
  • B. It is easy to execute command and control of the mobile target.
  • C. It is difficult to distinguish malicious activity from legitimate traffic.
  • D. There is relative anonymity of network connections outside the organization.
Answer:

C

Explanation:
DNS data exfiltration poses a significant threat to mobile computing mainly because it is challenging
to differentiate between malicious activity and legitimate DNS traffic. Attackers can exploit this by
embedding data within DNS queries and responses, which often go unnoticed because DNS traffic is
generally allowed through firewalls and security systems without triggering alerts. This method of
data theft can be particularly effective in mobile computing, where devices frequently switch
networks and rely on DNS for connectivity.
Reference: ISACA’s resources on cybersecurity risks associated with DNS highlight the difficulty in
detecting DNS data exfiltration due to its ability to blend in with normal traffic. This is further
supported by industry resources that discuss the challenges in identifying and preventing such
exfiltration techniques.

Question 11

An insecure wireless connection may expose users to which of the following?

  • A. Tailgating
  • B. Shoulder surfing
  • C. Eavesdropping
  • D. Distributed denial of service
Answer:

C

Explanation:
An insecure wireless connection, such as one that lacks encryption, can allow unauthorized
individuals within range to intercept the data being transmitted. This interception is known as
eavesdropping. It is a common security risk associated with wireless networks where attackers can
capture sensitive information without being detected.
Reference: The ISACA resources highlight the importance of securing wireless connections to prevent
unauthorized access and data interception. Specifically, ISACA’s materials on cybersecurity audit
emphasize the need to address threats to information processed, stored, and transported by
internetworked information systems, which includes protecting against eavesdropping. Additionally,
the risks associated with insecure wireless connections, such as eavesdropping, are discussed in
the context of mobile computing device threats and vulnerabilities.

Question 12

The GREATEST benefit of using the CSA Cloud Controls Matrix is that it provides:

  • A. a mapping to multiple control frameworks.
  • B. severity rankings for identified deficiencies.
  • C. templates of vetted cloud auditing programs.
  • D. control specifications prioritized by importance.
Answer:

A

Explanation:
The CSA Cloud Controls Matrix (CCM) is a cybersecurity control framework specifically designed for
cloud computing. It consists of a comprehensive set of control objectives that are structured across
different domains covering all key aspects of cloud technology. One of the greatest benefits of using
the CCM is its ability to map these controls to multiple industry-accepted security standards,
regulations, and control frameworks. This mapping facilitates a streamlined approach to compliance
and security assurance across various standards, making it an invaluable tool for organizations
operating in the cloud.
Reference: The CCM’s advantage of providing a mapping to multiple control frameworks is
highlighted by its alignment with other security standards and its role as a de-facto standard for
cloud security assurance and compliance. This multi-framework mapping capability enables
organizations to document controls for multiple standards and regulations in one place, thereby
simplifying the compliance process and ensuring a comprehensive security posture.

Question 13

Which of the following is MOST important to consider when defining actions to be taken in the event
an intrusion is detected as part of an intrusion detection system (IDS) policy?

  • A. Level of management involvement
  • B. Resources available for the IT security team
  • C. Level of risk to the organization's data
  • D. Origin of intrusion and attack methods
Answer:

C

Explanation:
When defining actions for an IDS policy, the most important consideration is the level of risk to the
organization’s data. This involves assessing the potential impact of the intrusion on the
confidentiality, integrity, and availability of data, which guides the prioritization and response efforts.
Reference: ISACA’s guidance on cybersecurity incident response highlights the importance of
understanding the risk to data as a key factor in shaping the response to intrusions. This includes
evaluating the severity of the threat and the sensitivity of the affected data to determine the
appropriate actions.

Question 14

Which of the following presents the GREATEST risk to corporate data pertaining to mobile device
usage?

  • A. The mobile device may be subject to remote wipe.
  • B. End users are not trained in mobile device management.
  • C. The mobile device is not obtained through corporate provisioning.
  • D. Privileged access is replicated to the user's own mobile device.
Answer:

D

Explanation:
Replicating privileged access to a user’s own mobile device presents the greatest risk to corporate
data. This is because it potentially allows unauthorized access to sensitive information if the device is
lost, stolen, or compromised. Privileged access means having elevated permissions that are typically
reserved for administrators. When such access is available on a personal device, it bypasses many of
the security controls that a company would normally have in place.
Option A, remote wipe, is actually a security feature that can protect data if a device is lost or stolen.
Option B, lack of training, can increase risk but does not directly expose data like privileged access
does. Option C, devices not obtained through corporate provisioning, can be a risk, but this risk is
generally less than that of replicating privileged access.
Reference: The information provided here is based on standard cybersecurity practices and
principles, which are likely to be consistent with those found in ISACA’s Cybersecurity Audit
resources. For specific references, please consult the ISACA Cybersecurity Audit Manual or related
study guides.

Question 15

Which of the following is a weakness associated with the use of symmetric, private keys in wired
equivalent privacy (WEP) encryption?

  • A. Keys change periodically on networks.
  • B. Keys are stored in the cloud.
  • C. Keys remain unchanged on networks for extended times.
  • D. Keys are not retrievable.
Answer:

C

Explanation:
The use of symmetric, private keys in WEP encryption is associated with several weaknesses, one of
which is that the keys often remain unchanged on networks for extended periods. This can lead to
security vulnerabilities because if an attacker manages to compromise a key, they can potentially
gain access to the network and decrypt data for as long as the key remains unchanged.
Reference: The weakness of symmetric key encryption, particularly in the context of WEP, is that the
key must be securely shared and, if compromised, can lead to significant security risks since the
same key is used to encrypt and decrypt data. This is exacerbated in WEP due to its flawed
implementation of key management and lack of proper key rotation mechanisms.
