CISA Domain 5: Protection of Information Assets
25 Questions

1. In an environment where users are not local administrators of their workstations, which of the following methods ensures that end users are not able to use their mobile devices as mobile Wi-Fi hotspots for circumventing network security controls such as web content filters and IPS?
2. A user at work logs on to a web site that includes links to various business applications. Once the user logs on to the web site, the user does not need to log on to individual business applications. What mechanism provides this capability?
3. What is the primary advantage of cloud-based web content filtering versus on-premises web content filtering?
4. The primary advantage of a firewall on a laptop computer is:
5. An organization is investigating the use of an automated DLP solution that controls whether data files can be sent via e-mail or stored on USB drives based on their tags. What is the advantage of the use of tags for such a solution?
6. Why is it important for a web session cookie to be encrypted?
7. A security analyst spends most of her time on a system that collects log data and correlates events from various systems to deduce potential attacks in progress. What kind of a system is the security analyst using?
8. What is the appropriate consequence of SOC operators declaring incidents that turn out to be false positives?
9. Which of the following techniques most accurately describes a penetration test?
10. A security leader needs to develop a data classification program. After developing the data classification and handling policy, what is the best next step to perform?
11. The “right to be forgotten” was first implemented by:
12. What feature permits enterprise users of Microsoft Outlook to digitally sign e-mail messages?
13. The term “tailgating” most often refers to:
14. Which of the following tools is considered a search engine that can be used to list vulnerabilities in devices?
15. An employee notes that a company document is marked “Confidential.” Is it acceptable for the employee to e-mail the document to a party outside the company?
16. What is the purpose of the Firesheep tool?
17. An organization is implementing a new SIEM. How must engineers get log data from systems and devices to the SIEM?
18. In the context of information technology and information security, what is the purpose of fuzzing?
19. A browser contacts a web server and requests a web page. The web server responds with a status code 200. What is the meaning of this status code?
20. Why would a hypervisor conceal its existence from a guest OS?
21. Which U.S. government agency enforces retail organizations’ information privacy policy?
22. What is the best approach for implementing a new blocking rule in an IPS?
23. An attacker who is attempting to infiltrate an organization has decided to employ a DNS cache poisoning attack. What method will the attacker use to attempt this attack?
24. An organization is seeking to establish a protocol standard for federated authentication. Which of the following protocols is least likely to be selected?
25. All of the following tools are used to detect changes in static files except: