Master Isaca Cybersecurity-Audit-Certificate Exam with Reliable Practice Questions

Last exam update: Nov 18, 2024
Question 1

Which of the following controls BEST ensures a user creates a complex password?


Correct : A

Operating system rules can be configured to enforce password complexity requirements. These rules can specify the minimum length, complexity, and expiration of passwords. By setting these parameters, the operating system ensures that users create passwords that are difficult to guess or crack, thus enhancing security.

Multi-factor authentication (B) adds an additional layer of security but does not directly ensure the creation of complex passwords. Information security awareness is crucial for educating users about the importance of complex passwords but does not enforce their creation. Biometrics (D) is an alternative form of authentication that may replace or supplement passwords but does not govern their complexity.


Question 2

Which of the following backup methods takes the MOST time for restoration of data?


Correct : A

The greatest concern for an IS auditor when a VPN is implemented on employees' personal mobile devices would likely be B. Users may store the data in plain text on their mobile devices. This is because storing sensitive data in plain text can lead to security breaches if the device is lost, stolen, or compromised.

Detailed Step by Step Explanation:

Data at Rest: Personal devices often lack the same level of security as corporate devices, making stored data more vulnerable.

Device Loss or Theft: Personal devices are more likely to be lost or stolen, and if data is stored in plain text, it could be easily accessed.

Compliance and Data Protection: Storing data in plain text may violate compliance requirements and data protection laws, which mandate encryption of sensitive information.


Question 3

Which of the following security mechanisms provides the BEST protection of data when a computer is stolen?


Correct : C

Secret key encryption, also known as symmetric encryption, involves a single key for both encryption and decryption. This method provides the best protection for data on a computer that is stolen because it renders the data unreadable without the key. Even if the thief has access to the physical hardware, without the secret key, the data remains secure and inaccessible.


Question 4

Which of the following describes Secure Hypertext Transfer Protocol (HTTPS)?


Correct : B

HTTPS, or Secure Hypertext Transfer Protocol, is an extension of HTTP that is protected by encryption via Transport Layer Security (TLS). This protocol ensures secure communication over a computer network by encrypting the data exchanged between a web server and a web browser, thereby protecting the integrity and confidentiality of the transmitted data.

Reference: While I cannot provide direct references from the Cybersecurity Audit Manual, the definition and workings of HTTPS are well-established in cybersecurity resources. HTTPS uses TLS (formerly SSL) to secure the data transfer, which is a fundamental concept covered in various cybersecurity literature, including ISACA's materials. For detailed information, please refer to the official ISACA resources and study guides.


Question 5

What should be an IS auditor's GREATEST concern when an organization's virtual private network (VPN) is implemented on employees' personal mobile devices?


Correct : B

When employees use personal mobile devices to access a VPN, the greatest concern for an IS auditor is the potential for sensitive data to be stored in an unsecured manner. If data is stored in plain text, it could be easily accessed by unauthorized parties if the device is lost, stolen, or compromised. This risk is heightened when the devices are not managed by the organization's IT department, which would typically enforce security policies such as encryption.

