CISA Domain 5: Protection of Information Asset
25 Questions

1. Blockchain is best described as:
2. According to the European General Data Protection Regulation (GDPR), what is the requirement for organizations’ use of a Data Protection Officer (DPO)?
3. Which of the following statements is true regarding the Payment Card Industry Data Security Standard (PCI-DSS)?
4. The entity that accepts requests for new public keys in a PKI is known as the:
5. An attacker who is attempting to infiltrate an organization has decided to employ a DNS poison cache attack. What method will the attacker use to attempt this attack?
6. A recent audit of an IT operation included a finding stating that the organization experiences virtualization sprawl. What is the meaning of this term?
7. An organization is seeking to establish a protocol standard for federated authentication. Which of the following protocols is least likely to be selected?
8. Which of the following describes the correct sequence for computer security incident response?
9. Which of the following tools is considered a search engine that can be used to list vulnerabilities in devices?
10. A forensic investigator is seen to be creating a detailed record of artifacts that are collected, analyzed, controlled, transferred to others, and stored for safekeeping. What kind of a written record is this?
11. What is the purpose of data classification?
12. What is the biggest risk associated with access badges that show the name of the organization?
13. The general counsel is becoming annoyed with notifications of minor security events occurring in the organization. This is most likely due to:
14. An employee notes that a company document is marked “Confidential.” Is it acceptable for the employee to e-mail the document to a party outside the company?
15. Why would a hypervisor conceal its existence from a guest OS?
16. A URL starting with shttp:// signifies what technology?
17. In an environment where users are not local administrators of their workstations, which of the following methods ensures that end users are not able to use their mobile devices as mobile Wi-Fi hotspots for circumventing network security controls such as web content filters and IPS?
18. Guessing that an intended victim has a particular online banking session open, an attacker attempts to trick the victim into clicking on a link that will attempt to execute a transaction on the online banking site. This type of attack is known as:
19. All of the following are appropriate uses of digital signatures except:
20. How can an organization prevent employees from connecting to the corporate Exchange e-mail environment with personally owned mobile devices?
21. What technique does PGP use to permit multiple users to read an encrypted document?
22. An organization is implementing a new SIEM. How must engineers get log data from systems and devices to the SIEM?
23. A web application stores unique codes on each user’s system in order to track the activities of each visitor. What is a common term for these codes?
24. The term “virtual memory” refers to what mechanism?
25. The default principle in the European General Data Protection Regulation for marketing communications from organizations to citizens is: