Spring Sale 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exams65

ExamsBrite Dumps

Certificate in Cybersecurity Analysis (CCA) Question and Answers

Certificate in Cybersecurity Analysis (CCA)

Last Update Feb 28, 2026
Total Questions : 75

We are offering FREE IIBA-CCA IIBA exam questions. All you do is to just go and sign up. Give your details, prepare IIBA-CCA free exam questions and then go for complete pool of Certificate in Cybersecurity Analysis (CCA) test questions that will help you more.

IIBA-CCA pdf

IIBA-CCA PDF

$36.75  $104.99
 Add to Cart
IIBA-CCA Engine

IIBA-CCA Testing Engine

$43.75  $124.99
 Add to Cart
IIBA-CCA PDF + Engine

IIBA-CCA PDF + Testing Engine

$57.75  $164.99
 Add to Cart
Questions 1

Which of the following factors is most important in determining the classification of personal information?

Options:

A.  

Integrity

B.  

Confidentiality

C.  

Availability

D.  

Accessibility

Discussion 0
Questions 2

What is an embedded system?

Options:

A.  

A system that is located in a secure underground facility

B.  

A system placed in a location and designed so it cannot be easily removed

C.  

It provides computing services in a small form factor with limited processing power

D.  

It safeguards the cryptographic infrastructure by storing keys inside a tamper-resistant external device

Discussion 0
Questions 3

Which of the following activities are part of the business analyst’s role in ensuring compliance with security policies?

Options:

A.  

Auditing enterprise security policies to ensure that they comply with regulations

B.  

Ensuring that security policies are reflected in the solution requirements

C.  

Testing applications to identify potential security holes

D.  

Checking to ensure that business users follow the security requirements

Discussion 0
Questions 4

Compliance with regulations is generally demonstrated through:

Options:

A.  

independent audits of systems and security procedures.

B.  

review of security requirements by senior executives and/or the Board.

C.  

extensive QA testing prior to system implementation.

D.  

penetration testing by ethical hackers.

Discussion 0
Questions 5

What is a Recovery Point Objective RPO?

Options:

A.  

The point in time prior to the outage to which business and process data must be recovered

B.  

The maximum time a system may be out of service before a significant business impact occurs

C.  

The target time to restore a system without experiencing any significant business impact

D.  

The target time to restore systems to operational status following an outage

Discussion 0
Questions 6

What is whitelisting in the context of network security?

Options:

A.  

Grouping assets together based on common security requirements, and placing each group into an isolated network zone

B.  

Denying access to applications that have been determined to be malicious

C.  

Explicitly allowing identified people, groups, or services access to a particular privilege, service, or recognition

D.  

Running software to identify any malware present on a computer system

Discussion 0
Questions 7

Controls that are put in place to address specific risks may include:

Options:

A.  

only initial reviews.

B.  

technology or process solutions.

C.  

partial coverage of one or more risks.

D.  

coverage for partial extent and scope of the risk.

Discussion 0
Questions 8

What common mitigation tool is used for directly handling or treating cyber risks?

Options:

A.  

Exit Strategy

B.  

Standards

C.  

Control

D.  

Business Continuity Plan

Discussion 0
Questions 9

Recovery Point Objectives and Recovery Time Objectives are based on what system attribute?

Options:

A.  

Sensitivity

B.  

Vulnerability

C.  

Cost

D.  

Criticality

Discussion 0
Questions 10

What risk factors should the analyst consider when assessing the Overall Likelihood of a threat?

Options:

A.  

Attack Initiation Likelihood and Initiated Attack Success Likelihood

B.  

Risk Level, Risk Impact, and Mitigation Strategy

C.  

Overall Site Traffic and Commerce Volume

D.  

Past Experience and Trends

Discussion 0
Questions 11

If a threat is expected to have a serious adverse effect, according to NIST SP 800-30 it would be rated with a severity level of:

Options:

A.  

moderate.

B.  

severe.

C.  

severely low.

D.  

very severe.

Discussion 0
Questions 12

What is the definition of privileged account management?

Options:

A.  

Establishing and maintaining access rights and controls for users who require elevated privileges to an entity for an administrative or support function

B.  

Applying identity and access management controls

C.  

Managing senior leadership and executive accounts

D.  

Managing independent authentication of accounts

Discussion 0
Questions 13

What risk to information integrity is a Business Analyst aiming to minimize, by defining processes and procedures that describe interrelations between data sets in a data warehouse implementation?

Options:

A.  

Unauthorized Access

B.  

Confidentiality

C.  

Data Aggregation

D.  

Cross-Site Scripting

Discussion 0
Questions 14

What is defined as an internal computerized table of access rules regarding the levels of computer access permitted to login IDs and computer terminals?

Options:

A.  

Access Control List

B.  

Access Control Entry

C.  

Relational Access Database

D.  

Directory Management System

Discussion 0
Questions 15

How does Transport Layer Security ensure the reliability of a connection?

Options:

A.  

By ensuring a stateful connection between client and server

B.  

By conducting a message integrity check to prevent loss or alteration of the message

C.  

By ensuring communications use TCP/IP

D.  

By using public and private keys to verify the identities of the parties to the data transfer

Discussion 0
Questions 16

Information classification of data is a level of protection that is based on an organization's:

Options:

A.  

retention for auditing purposes.

B.  

need for access by employees.

C.  

timing of availability for automated systems.

D.  

risk to loss or harm from disclosure.

Discussion 0
Questions 17

Certificates that provide SSL/TLS encryption capability:

Options:

A.  

are similar to the unencrypted data.

B.  

can be purchased from certificate authorities.

C.  

are for data located on thumb drives.

D.  

can provide authorization of data access.

Discussion 0
Questions 18

An internet-based organization whose address is not known has attempted to acquire personal identification details such as usernames and passwords by creating a fake website. This is an example of?

Options:

A.  

Breach

B.  

Phishing

C.  

Threat

D.  

Ransomware

Discussion 0
Questions 19

Why is directory management important for cybersecurity?

Options:

A.  

It prevents outside agents from viewing confidential company information

B.  

It allows all application security to be managed through a single interface

C.  

It prevents outsiders from knowing personal information about employees

D.  

It controls access to folders and files on the network

Discussion 0
Questions 20

What is the first step of the forensic process?

Options:

A.  

Reporting

B.  

Examination

C.  

Analysis

D.  

Collection

Discussion 0
Questions 21

What terms are often used to describe the relationship between a sub-directory and the directory in which it is cataloged?

Options:

A.  

Primary and Secondary

B.  

Multi-factor Tokens

C.  

Parent and Child

D.  

Embedded Layers

Discussion 0
Questions 22

The process by which organizations assess the data they hold and the level of protection it should be given based on its risk to loss or harm from disclosure, is known as:

Options:

A.  

vulnerability assessment.

B.  

internal audit.

C.  

information classification.

D.  

information categorization.

Discussion 0