You have to pass the CCA exam to receive the certification from IIBA. To make your study more effective and familiarize you with the actual exam pattern, we have prepared these IIBA Cybersecurity Analysis sample questions. Our sample IIBA Cybersecurity Analysis practice exam will give you more insight into both the type and the difficulty level of the questions on the IIBA Cybersecurity Analysis exam.
However, we strongly recommend practising with our Premium IIBA Cybersecurity Analysis (CCA) Practice Exam to achieve the best score in your actual IIBA CCA exam. The premium practice exam questions are more comprehensive, exam-oriented, scenario-based, and an exact match for IIBA Cybersecurity Analysis exam questions.
IIBA Cybersecurity Analysis Sample Questions:
01. The amount of risk an organization requires to meet their goals is called:
a) risk appetite.
b) vulnerability impact.
c) risk management.
d) risk capacity.
02. What risk attribute must be tracked on a Risk Log to ensure someone is held accountable for the risk?
a) Risk Response Plan.
b) Risk Owner.
c) Risk Category.
d) Risk Score.
03. In Security Engineering, the Business Analyst's role is to represent the enterprise-level security requirements, to ensure that:
a) the architecture and designs align with the organization's core goals and strategic direction.
b) employees are trained to recognize phishing attacks.
c) a control framework is in place.
d) an organizational risk assessment includes assets used by engineering teams.
04. Unchecked user input is a cause of vulnerabilities because:
a) the users may be able to exploit a bug.
b) the user may have malware installed on their computer that will be able to intercept information.
c) it may allow unintended direct execution of commands.
d) passwords may be easily guessed by outsiders.
05. What type of access is granted for groups of employees based on job classification and function?
a) Information Classification.
b) Role Based Access.
c) Preferred Access.
d) Shared Account.
06. Which principle should be followed when gathering access control requirements?
a) Principle of Least Privilege.
b) Principle of Defense in Depth.
c) Principle of Thinking Evil.
d) Principle of Simplicity.
07. Examples of encryption technology controls for data in transit are:
a) information categorization and multi-factor authentication.
b) cryptographic policy management and training.
c) concurrent session control and firewalls.
d) hardware security modules and certificate authorities.
08. What is the difference between a policy and a standard for cybersecurity?
a) A policy defines objectives and governance; a standard describes how to implement policies through specific controls.
b) A policy is a guideline, whereas a standard must be followed.
c) Policies are internal to the enterprise; standards are mandated by external regulators.
d) Standards define what an enterprise must do, whereas policies describe how a standard is implemented.
09. The business case for cybersecurity support should include:
a) Assessment of potential providers and a ranking of their capabilities.
b) Implementation plans describing outsourcing arrangements.
c) Analysis of potential risks, including the probability and impact of the risk.
d) Detailed metrics that will be used to assess the performance of the selected vendor.
10. A certificate chain is a series of certificates issued by successive 'Certificate Authorities' that trace a path of certificates:
a) from the branch in the hierarchy to a leaf in the hierarchy.
b) from a leaf in the hierarchy to the branch in the hierarchy.
c) from the root in the hierarchy to a branch in the hierarchy.
d) from a branch in the hierarchy to the root of the hierarchy.
If you find any errors or typos in the IIBA Cybersecurity Analysis (CCA) sample questions and answers or in the online IIBA Cybersecurity Analysis practice exam, please report them to us by email at email@example.com