Instant Access ISACA.Cybersecurity-Audit-Certificate.v2025-08-19.q70 Actual Practice Test Engine for Free (Page 6)

Welcome to DumpsDB

- Passing Exams, Dumps for Free

Request Exam Contact

Home
Popular Exams
- Oracle
- Fortinet
- IBM
- Juniper
- Microsoft
- Cisco
- Citrix
- CompTIA
- VMware
- ISC
- SAP
- EMC
- PMI
- HP
- Salesforce
View All Exams
New Dumps
Upload

Oracle
Fortinet
IBM
Juniper
Microsoft
Cisco
Citrix
CompTIA
VMware
ISC
SAP
EMC
PMI
HP
Salesforce

Home
ISACA Certification
Cybersecurity-Audit-Certificate Exam
ISACA.Cybersecurity-Audit-Certificate.v2025-08-19.q70 Dumps

«
1
2
3
4
5
6
7
8
9
10
…
»
»»

Question 21

Which of the following is a passive activity that could be used by an attacker during reconnaissance to gather information about an organization?

A.Using open source discovery
B.Scanning the network perimeter
C.Social engineering
D.Crafting counterfeit websites

Correct Answer: A

A passive activity that could be used by an attacker during reconnaissance to gather information about an organization is using open source discovery. This is because open source discovery is a technique that involves collecting and analyzing publicly available information about an organization, such as its website, social media, press releases, annual reports, etc. Open source discovery does not require any direct interaction or communication with the target organization or its systems or network, and therefore does not generate any traffic or alerts that could be detected by the organization's security controls. The other options are not passive activities that could be used by an attacker during reconnaissance to gather information about an organization, but rather active activities that involve direct or indirect interaction or communication with the target organization or its systems or network, such as scanning the network perimeter (B), social engineering C, or crafting counterfeit websites (D).

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 22

Which of the following is an objective of public key infrastructure (PKI)?

A.Creating the private-public key pair for secure communications
B.Independently authenticating the validity of the sender's public key
C.Securely distributing secret keys to the communicating parties
D.Approving the algorithm to be used during data transmission

Correct Answer: B

Explanation
An objective of public key infrastructure (PKI) is to independently authenticate the validity of the sender's public key. PKI is a system that uses cryptographic keys to secure communications and transactions. PKI involves a trusted third party called a certificate authority (CA) that issues digital certificates that link a public key with an identity. The recipient can use the CA's public key to verify the sender's certificate and public key.

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 23

Which of the following is the MAIN reason why domain name system (DNS) data exfiltration is a significant threat to mobile computing?

A.It is simple to inject malformed code to compromise data processing.
B.It is easy to execute command and control of the mobile target.
C.It is difficult to distinguish malicious activity from legitimate traffic.
D.There is relative anonymity of network connections outside the organization.

Correct Answer: C

DNS data exfiltration poses a significant threat to mobile computing mainly because it is challenging to differentiate between malicious activity and legitimate DNS traffic. Attackers can exploit this by embedding data within DNS queries and responses, which often go unnoticed because DNS traffic is generally allowed through firewalls and security systems without triggering alerts. This method of data theft can be particularly effective in mobile computing, where devices frequently switch networks and rely on DNS for connectivity.
Reference = ISACA's resources on cybersecurity risks associated with DNS highlight the difficulty in detecting DNS data exfiltration due to its ability to blend in with normal traffic. This is further supported by industry resources that discuss the challenges in identifying and preventing such exfiltration techniques1234.

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 24

Which of the following is the MOST relevant type of audit to conduct when fraud has been detected following an incident?

A.Cybersecurity audit
B.Financial audit
C.Forensics audit
D.Cyber insurance audit

Correct Answer: C

When fraud has been detected following an incident, a forensics audit is the most relevant type of audit to conduct. A forensics audit is specifically designed to investigate and uncover evidence of fraud, misconduct, or other financial crimes. It involves the use of auditing and investigative skills to examine financial records, identify irregularities, and gather evidence that can be used in legal proceedings1.

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 25

Security awareness training is MOST effective against which type of threat?

A.Command injection
B.Denial of service
C.Social engineering
D.Social injection

Correct Answer: C

Security awareness training is MOST effective against social engineering threats. This is because social engineering is a type of attack that exploits human psychology and behavior to manipulate or trick users into revealing sensitive or confidential information, or performing actions that compromise security. Security awareness training helps to educate users about the common types and techniques of social engineering attacks, such as phishing, vishing, baiting, etc., and how to recognize and avoid them. Security awareness training also helps to foster a culture of security within the organization and empower users to report any suspicious or malicious activities. The other options are not types of threats that security awareness training is most effective against, but rather types of attacks that exploit technical vulnerabilities or flaws in systems or applications, such as command injection (A), denial of service (B), or SQL injection (D).

Comment: *

Name: *

Email: *

Verification: *

insert code

«
1
2
3
4
5
6
7
8
9
10
…
»
»»

[×]

Download PDF File

Enter your email address to download ISACA.Cybersecurity-Audit-Certificate.v2025-08-19.q70 Dumps

Email:

We are the Largest and the most Updated website for all vendors Certification Exam materials around the world.

Using resources of we provide, we strive using dumps to strengthen the community of High level Certification professionals for free.

DMCA
About
Contact Us
Privacy Policy
Terms & Conditions

©2026 DumpsDB

www.dumpsdb.com materials do not contain actual questions and answers from Cisco's certification exams.

Web Analytics