CCNA Cisa Information Protection Questions

8 of 83 questions · Page 2/2 · Cisa Information Protection topic · Answers revealed

76
MCQ · medium

During an audit of an organization's information security programme, the IS auditor finds that the security awareness training completion rate is 95% but phishing simulation tests show a 30% failure rate. What should the auditor recommend?

A. Increase the frequency of phishing simulations to quarterly
B. Disciplinary action for employees who fail phishing tests
C. Mandate that all employees repeat the training annually
D. Revise the security awareness program content to focus on practical phishing recognition
Answer: D

Improving the content to be more practical and scenario-based can lead to better outcomes.

Why this answer

The gap between high training completion and poor phishing test results indicates that the training content is not effective in changing behavior. The auditor should recommend reviewing and improving the training to address weaknesses.

77
Multi-Select · medium

An IS auditor is evaluating the privacy controls of an e-commerce company that collects and processes personal data from customers in multiple jurisdictions, including the European Union (GDPR). The company has a data inventory but has not conducted a privacy impact assessment (PIA) for a new customer analytics platform that processes sensitive data. Which THREE of the following are the MOST critical deficiencies that the auditor should report?

Select 3 answers
A. Inadequate data minimization practices in the platform design
B. Lack of a privacy impact assessment (PIA) for the new platform
C. Lack of an up-to-date privacy notice on the website
D. Absence of cross-border data transfer mechanisms such as Standard Contractual Clauses (SCCs)
E. Insufficient consent management processes for data processing
Answers: B, D, E

PIA is mandatory for high-risk processing under GDPR.

Why this answer

Under GDPR, a PIA is required for high-risk processing. Cross-border transfers without safeguards violate GDPR. Consent management is also a key requirement.

Data minimization is a principle, but not necessarily a critical deficiency without context.

78
Multi-Select · easy

An IS auditor is reviewing physical security controls at a data center. The data center hosts critical servers and uses a badge access system with PINs, CCTV cameras, and a mantrap entry. The auditor observes that employees sometimes hold the door open for others without badging. Which TWO of the following are the MOST effective controls to address this tailgating risk?

Select 2 answers
A. Conducting security awareness training on tailgating risks
B. Requiring longer and more complex PINs
C. Installing additional access points
D. Increasing the number of CCTV cameras
E. Implementing a mantrap with biometric authentication
Answers: A, E

Training reduces the likelihood of employees allowing tailgating.

Why this answer

Mantraps are specifically designed to prevent tailgating by allowing only one person at a time. Security awareness training educates employees on the risks of tailgating. Increasing camera coverage and PIN complexity do not directly prevent tailgating.

79
Multi-Select · medium

An IS auditor is evaluating the encryption key management program of a healthcare organization that processes protected health information (PHI). The organization uses a mix of symmetric and asymmetric keys. Which TWO of the following are key management practices that should be addressed to ensure effective protection of PHI?

Select 2 answers
A. Storing encryption keys in a hardware security module (HSM)
B. Implementing a key escrow mechanism for all keys
C. Using the same key to encrypt all PHI for simplicity
D. Distributing keys to authorized users along with encrypted data
E. Rotating keys on a periodic basis or after a security incident
Answers: A, E

HSMs provide tamper-resistant storage for keys.

Why this answer

Effective key management includes secure key storage (e.g., HSM) and regular key rotation to limit exposure. Key escrow is not a standard requirement, and distributing keys with data increases risk. Using a single key for all data violates best practices.

80
MCQ · hard

An IS auditor is reviewing the privileged access management (PAM) process. The auditor finds that shared administrative accounts are used for critical system maintenance and that passwords are changed quarterly. Which of the following is the BEST recommendation to mitigate the risk of audit trail loss?

A. Implement a password vault with automatic checkout and check-in
B. Increase the frequency of password changes to monthly
C. Implement individual accounts with privilege escalation for administrative tasks
D. Require two-factor authentication for shared account usage
Answer: C

Individual accounts ensure each action is tied to a specific user, providing a complete audit trail.

Why this answer

Shared accounts make it impossible to attribute actions to specific individuals. Implementing individual accounts with privilege escalation (e.g., sudo) allows for accountability and detailed audit trails.

81
Multi-Select · hard

During an audit of incident management processes, the IS auditor reviews past incident reports and conducts interviews. The organization recently experienced a ransomware attack that encrypted critical systems. The incident response team was able to contain the attack but struggled with forensic collection due to lack of pre-defined procedures. Which TWO of the following should the auditor recommend as the HIGHEST priority improvements?

Select 2 answers
A. Conducting tabletop exercises with the incident response team
B. Acquiring advanced malware analysis tools
C. Implementing a more frequent backup schedule
D. Establishing a formal chain of custody process
E. Developing and documenting forensic investigation procedures
Answers: A, E

Tabletop exercises test and improve the team's ability to respond effectively.

Why this answer

Developing forensic procedures ensures proper evidence collection, and regular tabletop exercises improve team readiness. While backup restoration and malware analysis are important, the highest priority is to address the identified gaps in forensics and preparedness.

82
MCQ · easy

During an audit of the information security program, the IS auditor reviews the organization's information security policy. Which of the following is the PRIMARY purpose of an information security policy?

A. To provide detailed step-by-step instructions for implementing security controls
B. To specify the technical configurations for security devices
C. To define the roles and responsibilities for information security
D. To communicate management's commitment and direction for information security
Answer: D

The policy is a high-level statement of management's intent and sets the tone for the security program.

Why this answer

An information security policy sets the high-level direction and principles for the security program, outlining management's commitment and expectations.

83
MCQ · hard

An IS auditor is evaluating the patch management process. The auditor notes that critical security patches are applied within 30 days, but the policy requires 7 days. The IT manager states that the delay is due to testing requirements. What should the auditor recommend?

A. Implement a risk-based patching process that allows faster deployment for critical patches
B. Require automated patching without testing
C. Accept the current practice as a compensating control
D. Modify the policy to align with the actual patching timeline
Answer: A

This balances the need for testing and timely patching.

Why this answer

The auditor should recommend a risk-based approach that allows expedited patching for critical vulnerabilities while maintaining testing for less critical ones. The process should be reviewed to balance security and stability.
