Isaca Updated CISA Exam Questions and Answers by miriam

The effectiveness of an organization’s security awareness program can be measured by capturing data on changes in the way people react to threats, such as the ability to recognize and avoid social engineering attacks1. An increase in the number of phishing emails reported by employees indicates that they are more aware of the signs and risks of phishing, and are more likely to take appropriate actions to prevent or mitigate the impact of such attacks23.

References

1: The Importance Of Measuring Security Awareness 2: Measuring the effectiveness of your security awareness program 3: How effective is security awareness training?

Comprehensive and Detailed Step-by-Step Explanation:

Exploitationis the phase where testersleverage identified vulnerabilitiestogain unauthorized accessto systems.

Exploitation (Correct Answer – B)

Attackers use techniques such as SQL injection, buffer overflow, or privilege escalation.

Example:A tester exploits a weak password to gain admin access.

Exfiltration (Incorrect – A)

The process of stealing dataaftergaining access.

Reconnaissance (Incorrect – C)

The initial stage where attackers gather information about the target.

Scanning (Incorrect – D)

Involves identifying open ports and services but does not involve actual attacks.

Comprehensive and Detailed Step-by-Step Explanation:

When storage space is limited,incremental backupsare the most efficient because they store only the changes made since the last backup, reducing storage requirements.

Option A (Correct):Incremental backupsonly store data that has changed since the last backup, significantly reducing storage usage while maintaining a historical record of changes.

Option B (Incorrect):Mirror backupscreate an exact copy of the entire system, consuming significant storage space andnot retaining historical versions.

Option C (Incorrect):Full backupscapture everything and require large amounts of storage, making them impractical for space-constrained environments.

Option D (Incorrect):Annual backupsrefer to frequency rather than method. They do not inherently optimize storage usage.

Comprehensive and Detailed Step-by-Step Explanation:

In forensic investigations,maintaining a proper chain of custodyiscriticalto ensuring that evidence is admissible in court and has not been altered.

Option A (Incorrect):Activatingsecurity features(e.g., encryption or tokenization) is apreventive measurebut does not aid in investigating the attack.

Option B (Incorrect):Blocking payment platforms may be necessary fordamage control, but it does not ensure a properinvestigation.

Option C (Correct):Thechain of custodyensures thatevidence remains intact, can betraced, and islegally validfor prosecution. This is the most critical aspect of forensic investigations.

Option D (Incorrect):Interviewing staff may provide insights, but without properevidence handling, the investigation’s integrity is at risk.