Free IIBA - CCA Exam Questions
IIBA® and IEEE Computer Society have partnered to offer a robust learning and certification program on Cybersecurity Analysis.
IIBA-CCA provides the opportunity to learn key cybersecurity concepts and tools business analysts need to demonstrate core competencies.
The following IIBA-CCA Exam Questions and Answers with Explanations are a step in the direction of Adaptive’s 2020 Goal: ‘Give before you take, Share Knowledge with the World to make it a better place’.
We are committed to the success of our customers.
#Q1. Analyst B has discovered unauthorized access to data. What has she discovered?
- Breach
- Hacker
- Threat
- Ransomware
Answer: Option A
Explanation: Breach is defined as an incident resulting in unauthorized access to data, applications, services, networks, and/or devices.
#Q2. Analyst B has discovered multiple attempts from unauthorized users to access confidential data. This is most likely?
- Admin
- Hacker
- User
- IT Support
Answer: Option B
Explanation: Hacker is an unauthorized user who attempts to or gains access.
#Q3. Analyst B has discovered multiple sources which can harm the organization’s systems. What has she discovered?
- Breach
- Hacker
- Threat
- Ransomware
Answer: Option C
Explanation: Threat is anything that has the potential to cause serious harm to a computer system.
#Q4. An internet-based organization whose address is not known has attempted to acquire personal identification details such as usernames and passwords by creating a fake website. This is an example of?
- Breach
- Phishing
- Threat
- Ransomware
Answer: Option B
Explanation: Phishing is a fraudulent act of acquiring sensitive information, such as credit card numbers, personal identification, usernames and passwords.
#Q5. One of the employees of the organization has obtained a loan by using another employee’s salary documents. This is an example of?
- Identity threat
- Threat
- Exploit
- Ransomware
Answer: Option B
Explanation: Identity theft is the unauthorized collection of personal information and its use for criminal reasons.
#Q6. Among the following, which task is not a usual expectation from the cybersecurity analyst?
- Understand the importance of cybersecurity
- Understand risks of cyber-attacks, identity and data theft, loss or disruption of services, communication, systems, and infrastructure
- Follow industry-wide standards and practices to minimize risk
- Take periodic back-up of data for the organization
Answer: Option D
Explanation: This is the work of the IT Operations department.
#Q7. What is the likely cost of cyber threats annually by 2021?
- 1 Trillion
- 3 Trillion
- 6 Trillion
- 12 Trillion
Answer: Option B
Explanation: Data provided in IIBA Cyber Security Guide.
#Q8. Architecture, that defines the business strategy, governance, organization, and key business processes, is known as?
- Business architecture
- Data architecture
- Application architecture
- Technology architecture
Answer: Option A
Explanation: Business architecture defines the business strategy, governance, organization, and key business processes.
#Q9. Architecture, which provides a blueprint for individual application systems to be deployed, their interactions, and their relationships to core business processes of an organization, is known as?
- Business architecture
- Data architecture
- Application architecture
- Technology architecture
Answer: Option C
Explanation: Application architecture provides a blueprint for individual application systems to be deployed, their interactions, and their relationships to core business processes of the organization.
#Q10. Architecture that is across all of these elements of architecture that tries to protect the organization’s information and operations is known as?
- Business architecture
- Security architecture
- Application architecture
- Technology architecture
Answer: Option B
Explanation: Security architecture’s primary objective is to protect the organization’s information and operations.
#Q11. Which server handles application requests from a client with an HTTP interface to move, receive and send information?
- File Server
- Directory Server
- Web Server
- Application Server
Answer: Option C
Explanation: Web server handles application requests from a client with an HTTP interface to move, receive and send information.
#Q12. Which server handles processing logic on data received from client and from database and applies programming logic rules to data?
- File Server
- Directory Server
- Web Server
- Application Server
Answer: Option D
Explanation: Application server handles processing logic on data received from client and from database and applies programming logic rules to data.
#Q13. Which server stores and retrieves information and optimizes storage of information in a defined folder structure?
- File Server
- Directory Server
- Web Server
- Application Server
Answer: Option A
Explanation: Folders are linked to files.
#Q14. Which layers of internet communication mostly concern themselves with moving data around?
- Upper
- Lower
- External
- Internal
Answer: Option B
Explanation: Lower layers focus on data transmissions.
#Q15. Which approach assumes the majority of planning is completed before construction is initiated?
- Waterfall
- Agile
- Scrum
- Hybrid
Answer: Option A
Explanation: Waterfall proposes complete planning.
#Q16. Which element of the following is not a part of ITIL?
- Service strategy
- Service design
- Service transition
- Service selling
Answer: Option D
Explanation: Remaining 3 are part of ITIL.
#Q17. Protection of computer networks and data from various electronic and digital threats is known as?
- Cyber Security
- Data Security
- Network Security
- Server Security
Answer: Option A
Explanation: Cybersecurity deals with protecting computer networks and data from various electronic and digital threats.
#Q18. Protection of organization’s data from threats is known as?
- Cyber Security
- Data Security
- Network Security
- Server Security
Answer: Option B
Explanation: Data security deals with protection of data from various electronic and digital threats.
#Q19. Charter as a deliverable is of utmost interest to?
- Leadership
- Business
- Enablers
- IT Operations
Answer: Option A
Explanation: Leadership needs to set up a charter.
#Q20. Security requirements as a deliverable are of utmost interest to which stakeholder group?
- Leadership
- Business
- Enablers
- Marketing
Answer: Option C
Explanation: Enablers are accountable for Security.
#Q21. Solution requirements as a deliverable is of utmost interest to?
- Leadership
- Business
- Enablers
- IT Operations
Answer: Option C
Explanation: Business Process Maps, Solution requirements, Gap Analysis, Training etc. are the BA Focal Points/Related Deliverables for Business/Client.
#Q22. Application support is typically the primary responsibility of which stakeholder group?
- Leadership
- Business
- Enablers
- IT Operations
Answer: Option D
Explanation: IT operations provide support.
#Q23. A steering committee is typically a part of which stakeholder group?
- Leadership
- Business
- Enablers
- IT Operations
Answer: Option A
Explanation: Steering committee provides leadership and direction.
#Q24. Enterprise-level threat assessment is typically the key responsibility of which stakeholder group?
- Leadership
- Business
- Enablers
- IT Operations
Answer: Option A
Explanation: Leadership is accountable for managing enterprise threats.
#Q25. A framework containing security policies, approach, tools and awareness programs for achieving the organization’s security objectives is known as?
- Cyber security
- Security Policy
- CIA Triad
- Security Governance
Answer: Option D
Explanation: Governance: Security governance is a framework containing security policies, approaches, tools, and awareness programs for achieving the organization’s security objectives. Risk and data privacy are enforced by security policies.
#Q26. An intent statement that includes security objectives or provides the framework for setting information security objectives is known as?
- Information Security Management System
- Security Policy
- CIA Triad
- Governance
Answer: Option B
Explanation: Security Policy: A policy that “includes security objectives or provides the framework for setting information security objectives”.
#Q27. What consists of policies and procedures in the pursuit of protecting its information assets?
- Information Security Management System
- Security Policy
- CIA Triad
- Security Objectives
Answer: Option A
Explanation: Information Security Management System (ISMS): Consists of the policy, procedures, guidelines, and associated resources and activities, collectively managed by an organization in the pursuit of protecting its information assets.
#Q28. The role which is accountable for security governance is typically known as?
- CISO
- PISO
- KISO
- DISO
Answer: Option A
Explanation: Chief Information Security Officer (CISO): Accountable for security governance and interacts with Chief Data Officers and Chief Digital Officers, when they exist.
#Q29. Among the following, what is most likely NOT only a software asset?
- Internet of Things (IoT) devices
- Machine Learning
- Artificial Intelligence (AI)
- Robotics Process Automation