IIBA CCA Mock Questions

(Answers after the questions section)

Q1: Analyst B has discovered unauthorized access to data. What has she discovered?

1. Breach
2. Hacker
3. Threat
4. Ransomware

Q2: Analyst B has discovered multiple attempts from unauthorized users to access confidential data. This is most likely?

1. Admin
2. Hacker
3. User
4. IT Support

Q3: Analyst B has discovered multiple sources which can harm the organization’s systems. What has she discovered?

1. Breach
2. Hacker
3. Threat
4. Ransomware

Q4: An internet-based organization whose address is not known has attempted to acquire personal identification details such as usernames and passwords by creating a fake website. This is an example of?

1. Breach
2. Phishing
3. Threat
4. Ransomware

Q5: One of the employees of the organization has obtained a loan by using another employee’s salary documents. This is an example of?

1. Identity threat
2. Threat
3. Exploit
4. Ransomware

Q6: Among the following, which task is not a usual expectation from the cybersecurity analyst?

1. Understand the importance of cybersecurity
2. Understand risks of cyber-attacks, identity and data theft, loss or disruption of services, communication, systems, and infrastructure
3. Follow industry-wide standards and practices to minimize risk
4. Take periodic back-up of data for the organization

Q7: What is the likely cost of cyber threats annually by 2021?

1. 1 Trillion
2. 3 Trillion
3. 6 Trillion
4. 12 Trillion

Q8: Architecture, that defines the business strategy, governance, organization, and key business processes, is known as?

1. Business architecture
2. Data architecture
3. Application architecture
4. Technology architecture 

Q9: Architecture, which provides a blueprint for individual application systems to be deployed, their interactions, and their relationships to core business processes of an organization, is known as?

1. Business architecture
2. Data architecture
3. Application architecture
4. Technology architecture

Q10: Architecture that is across all of these elements of architecture that tries to protect the organization’s information and operations is known as?

1. Business architecture
2. Security architecture
3. Application architecture
4. Technology architecture

Q11: Which server handles application requests from a client with an HTTP interface to move, receive and send information?

1. File Server
2. Directory Server
3. Web Server
4. Application Server
   

Q12: Which server handles processing logic on data received from client and from database and applies programming logic rules to data?

1. File Server
2. Directory Server
3. Web Server
4. Application Server

Q13: Which server stores and retrieves information and optimizes storage of information in a defined folder structure?

1. File Server
2. Directory Server
3. Web Server
4. Application Server

Q14: Which layers of internet communication mostly concern themselves with moving data around?

1. Upper
2. Lower
3. External
4. Internal

Q15: Which approach assumes majority of planning is completed before construction is initiated?

1. Waterfall
2. Agile
3. Scrum
4. Hybrid

Q16: Which element of the following is not a part of ITIL?

1. Service strategy
2. Service design
3. Service transition
4. Service selling

Q17: Protection of computer networks and data from various electronic and digital threats is known as?

1. Cyber Security
2. Data Security
3. Network Security
4. Server Security

Q18: Protection of organization’s data from threats is known as?

1. Cyber Security
2. Data Security
3. Network Security
4. Server Security

Q19: Charter as a deliverable is of utmost interest to?

1. Leadership
2. Business
3. Enablers
4. IT Operations

Q20: Security requirements as a deliverable are of utmost interest to which stakeholder group?

1. Leadership
2. Business
3. Enablers
4. Marketing

Q21: Solution requirements as a deliverable is of utmost interest to

1. Leadership
2. Business
3. Enablers
4. IT Operations

Q22: Application support is typically the primary responsibility of which stakeholder group?

1. Leadership
2. Business
3. Enablers
4. IT Operations

Q23: A steering committee is typically a part of which stakeholder group?

1. Leadership
2. Business
3. Enablers
4. IT Operations

Q24: Enterprise-level threat assessment is typically the key responsibility of which stakeholder group?

1. Leadership
2. Business
3. Enablers
4. IT Operations

Q25: A framework containing security policies, approach, tools and awareness programs for achieving the organization’s security objectives is know as?

1. Cyber Security
2. Security Policy
3. CIA Triad
4. Security Governance 

Answers to Questions

Question 1

Correct Option: A. Breach

Explanation: Breach is defined as an incident resulting in unauthorized access to data, applications, services, networks, and/or devices.

Question 2

Correct Option: B. Hacker

Explanation: Hacker is an unauthorized user who attempts to or gains access.

Question 3

Correct Option: C. Threat

Explanation: Threat is anything that has the potential to cause serious harm to a computer system.

Question 4

Correct Option: B. Phishing

Explanation: Phishing is a fraudulent act of acquiring sensitive information, such as credit card numbers, personal identification. usernames and passwords.

Question 5

Correct Option: B. Threat

Explanation: Identity theft is an unauthorized collection of personal information and uses it for criminal reasons.

Question 6

Correct Option: D. Take periodic back-up of data for the organization

Explanation: This is the work of the IT Operations department.

Question 7

Correct Option: B. 3 Trillion

Explanation: Data provided in IIBA Cyber Security Guide.

Question 8

Correct Option: A. Business architecture

Explanation: Business architecture defines the business strategy, governance, organization, and key business processes.

Question 9

Correct Option: C. Application architecture

Explanation: Application architecture that provides a blueprint for individual application systems to be deployed, their interactions, and their relationships to core business processes of the organization.

Question 10

Correct Option: B. Security architecture

Explanation: Security architecture’s primary objective is to protect the organization’s information and operations.

Question 11

Correct Option: C. Web Server

Explanation:  Web server handles application requests from a client with an http interface to move receive and send information.

Question 12

Correct Option: D. Application Server

Explanation: Application server handles processing logic on data received from client and from database and applies programming logic rules to data.

Question 13

Correct Option: A. File Server

Explanation: Folders are linked-to file.

Question 14

Correct Option: B. Lower

Explanation: Lower layers focus on data transmissions.

Question 15

Correct Option: A. Waterfall

Explanation: Waterfall proposes complete planning.

Question 16

Correct Option: D. Service selling

Explanation: Remaining 3 are part of ITIL.

Question 17

Correct Option: A. Cyber Security

Explanation: Cybersecurity deals with protecting computer networks and data from various electronic and digital threats.

Question 18

Correct Option: B. Data Security

Explanation: Data security deals with protection of data from various of electronic and digital threats.

Question 19

Correct Option: A. Leadership

Explanation: Leadership needs to set up a charter.

Question 20

Correct Option: C. Enablers

Explanation: Enablers are accountable for Security.

Question 21

Correct Option: C. Enablers

Explanation: Business Process Maps, Solution requirements, Gap Analysis, Training etc. are the BA Focal Points/Related Deliverables for Business/Client

Question 22

Correct Option: D. IT Operations

Explanation: IT operations provide support.

Question 23

Correct Option: A. Leadership

Explanation: Steering committee provides leadership and direction.

Question 24

Correct Option: A. Leadership

Explanation: Leadership is accountable for managing enterprise threats.

Question 25

Correct Option: D. Security Governance

Explanation: Security governance is a framework containing security policies, approaches, tools, and awareness programs for achieving the organization’s security objectives. Risk and data privacy is enforced by security policies.