Free IIBA - CCA Exam Questions

     

    IIBA® and IEEE Computer Society have partnered to offer a robust learning and certification program on Cybersecurity Analysis.

    IIBA-CCA provides the opportunity to learn key cybersecurity concepts and tools business analysts need to demonstrate core competencies.

    The following IIBA-CCA Exam Questions and Answers with Explanations are a step in the direction of Adaptive’s 2020 goal: ‘Give before you take, share knowledge with the world to make it a better place’.

    We are committed to the success of our customers.

    #Q1. Analyst B has discovered unauthorized access to data. What has she discovered?

    1. Breach
    2. Hacker
    3. Threat
    4. Ransomware

    Answer: Option A

    Explanation: Breach is defined as an incident resulting in unauthorized access to data, applications, services, networks, and/or devices.

     

    #Q2. Analyst B has discovered multiple attempts from unauthorized users to access confidential data. This is most likely?

    1. Admin
    2. Hacker
    3. User
    4. IT Support

    Answer: Option B

    Explanation: A hacker is an unauthorized user who attempts to gain, or gains, access.

     

    #Q3. Analyst B has discovered multiple sources which can harm the organization’s systems. What has she discovered?

    1. Breach
    2. Hacker
    3. Threat
    4. Ransomware

    Answer: Option C

    Explanation: Threat is anything that has the potential to cause serious harm to a computer system.

     

    #Q4. An internet-based organization whose address is not known has attempted to acquire personal identification details such as usernames and passwords by creating a fake website. This is an example of?

    1. Breach
    2. Phishing
    3. Threat
    4. Ransomware

    Answer: Option B

    Explanation: Phishing is a fraudulent act of acquiring sensitive information, such as credit card numbers, personal identification, usernames and passwords.

     

    #Q5. One of the employees of the organization has obtained a loan by using another employee’s salary documents. This is an example of?

    1. Identity threat
    2. Threat
    3. Exploit
    4. Ransomware

    Answer: Option B

    Explanation: Identity theft is the unauthorized collection of personal information and its use for criminal reasons.


    #Q6. Among the following, which task is not a usual expectation from the cybersecurity analyst?

    1. Understand the importance of cybersecurity
    2. Understand risks of cyber-attacks, identity and data theft, loss or disruption of services, communication, systems, and infrastructure
    3. Follow industry-wide standards and practices to minimize risk
    4. Take periodic back-up of data for the organization

    Answer: Option D

    Explanation: This is the work of the IT Operations department.

     

    #Q7. What is the likely cost of cyber threats annually by 2021?

    1. 1 Trillion
    2. 3 Trillion
    3. 6 Trillion
    4. 12 Trillion

    Answer: Option B

    Explanation: Data provided in IIBA Cyber Security Guide.

     

    #Q8. Architecture that defines the business strategy, governance, organization, and key business processes is known as?

    1. Business architecture
    2. Data architecture
    3. Application architecture
    4. Technology architecture

    Answer: Option A

    Explanation: Business architecture defines the business strategy, governance, organization, and key business processes.

     

    #Q9. Architecture that provides a blueprint for individual application systems to be deployed, their interactions, and their relationships to core business processes of an organization is known as?

    1. Business architecture
    2. Data architecture
    3. Application architecture
    4. Technology architecture

    Answer: Option C

    Explanation: Application architecture provides a blueprint for individual application systems to be deployed, their interactions, and their relationships to core business processes of the organization.

     

    #Q10. Architecture that cuts across all of these elements of architecture and tries to protect the organization’s information and operations is known as?

    1. Business architecture
    2. Security architecture
    3. Application architecture
    4. Technology architecture

    Answer: Option B

    Explanation: Security architecture’s primary objective is to protect the organization’s information and operations.


    #Q11. Which server handles application requests from a client with an HTTP interface to move, receive, and send information?

    1. File Server
    2. Directory Server
    3. Web Server
    4. Application Server

    Answer: Option C

    Explanation: A web server handles application requests from a client with an HTTP interface to move, receive, and send information.

     

    #Q12. Which server handles processing logic on data received from the client and from the database and applies programming logic rules to the data?

    1. File Server
    2. Directory Server
    3. Web Server
    4. Application Server

    Answer: Option D

    Explanation: An application server handles processing logic on data received from the client and from the database and applies programming logic rules to the data.

     

    #Q13. Which server stores and retrieves information and optimizes storage of information in a defined folder structure?

    1. File Server
    2. Directory Server
    3. Web Server
    4. Application Server

    Answer: Option A

    Explanation: Folders are linked to files; a file server stores and retrieves information in a defined folder structure.

     

    #Q14. Which layers of internet communication mostly concern themselves with moving data around?

    1. Upper
    2. Lower
    3. External
    4. Internal

    Answer: Option B

    Explanation: Lower layers focus on data transmissions.

     

    #Q15. Which approach assumes the majority of planning is completed before construction is initiated?

    1. Waterfall
    2. Agile
    3. Scrum
    4. Hybrid

    Answer: Option A

    Explanation: Waterfall proposes complete planning.

     

    #Q16. Which element of the following is not a part of ITIL?

    1. Service strategy
    2. Service design
    3. Service transition
    4. Service selling

    Answer: Option D

    Explanation: The remaining three are part of ITIL.

     

    #Q17. Protection of computer networks and data from various electronic and digital threats is known as?

    1. Cyber Security
    2. Data Security
    3. Network Security
    4. Server Security

    Answer: Option A

    Explanation: Cybersecurity deals with protecting computer networks and data from various electronic and digital threats.

     

    #Q18. Protection of an organization’s data from threats is known as?

    1. Cyber Security
    2. Data Security
    3. Network Security
    4. Server Security

    Answer: Option B

    Explanation: Data security deals with the protection of data from various electronic and digital threats.

     

    #Q19. Charter as a deliverable is of utmost interest to?

    1. Leadership
    2. Business
    3. Enablers
    4. IT Operations

    Answer: Option A

    Explanation: Leadership needs to set up a charter.

     

    #Q20. Security requirements as a deliverable are of utmost interest to which stakeholder group?

    1. Leadership
    2. Business
    3. Enablers
    4. Marketing

    Answer: Option C

    Explanation: Enablers are accountable for Security.

     

    #Q21. Solution requirements as a deliverable are of utmost interest to?

    1. Leadership
    2. Business
    3. Enablers
    4. IT Operations

    Answer: Option C

    Explanation: Business Process Maps, Solution requirements, Gap Analysis, Training, etc. are the BA Focal Points/Related Deliverables for Business/Client.

     

    #Q22. Application support is typically the primary responsibility of which stakeholder group?

    1. Leadership
    2. Business
    3. Enablers
    4. IT Operations

    Answer: Option D

    Explanation: IT operations provide support.

     

    #Q23. A steering committee is typically a part of which stakeholder group?

    1. Leadership
    2. Business
    3. Enablers
    4. IT Operations

    Answer: Option A

    Explanation: Steering committee provides leadership and direction.

     

    #Q24. Enterprise-level threat assessment is typically the key responsibility of which stakeholder group?

    1. Leadership
    2. Business
    3. Enablers
    4. IT Operations

    Answer: Option A

    Explanation: Leadership is accountable for managing enterprise threats.

     

    #Q25. A framework containing security policies, approaches, tools and awareness programs for achieving the organization’s security objectives is known as?

    1. Cyber security

    2. Security Policy

    3. CIA Triad

    4. Security Governance

    Answer: Option D

    Explanation: Governance: Security governance is a framework containing security policies, approaches, tools, and awareness programs for achieving the organization’s security objectives. Risk and data privacy are enforced by security policies.

     

    #Q26. An intent statement that includes security objectives or provides the framework for setting information security objectives is known as?

    1. Information Security Management System

    2. Security Policy

    3. CIA Triad

    4. Governance

    Answer: Option B

    Explanation: Security Policy: A policy that “includes security objectives or provides the framework for setting information security objectives”.

     

    #Q27. What consists of policies and procedures in the pursuit of protecting its information assets?

    1. Information Security Management System

    2. Security Policy

    3. CIA Triad

    4. Security Objectives

    Answer: Option A

    Explanation: Information Security Management System (ISMS): Consists of the policy, procedures, guidelines, and associated resources and activities, collectively managed by an organization in the pursuit of protecting its information assets.

     

    #Q28. The role which is accountable for security governance is typically known as?

    1. CISO

    2. PISO

    3. KISO

    4. DISO

    Answer: Option A

    Explanation: Chief Information Security Officer (CISO): Accountable for security governance and interacts with Chief Data Officers and Chief Digital Officers, when they exist.

     

    #Q29. Among the following, what is most likely NOT only a software asset?

    1. Internet of Things (IoT) devices

    2. Machine Learning

    3. Artificial Intelligence (AI)

    4. Robotics Process Automation