Back to Certified Information Systems Auditor (CISA)

Protection of Information Assets - Security Event Management

Managing security events and incidents.

5 minutes 5 Questions

Security Event Management, within the Protection of Information Assets domain for CISA, involves systematic monitoring, analysis, and response to security incidents. It establishes a framework for real-time detection and management of security events across an organization's infrastructure. Securi…

Concepts covered
Information System Attack Methods and TechniquesSecurity Testing Tools and TechniquesSecurity Awareness Training and ProgramsSecurity Incident Response ManagementSecurity Monitoring Logs, Tools, and TechniquesEvidence Collection and Forensics
Test mode:
Start practice test
CISA - Protection of Information Assets - Security Event Management Example Questions

Test your knowledge of Protection of Information Assets - Security Event Management

Question 1

What is the primary characteristic of a 'Social Engineering' attack?

Correct Answer: Manipulating people into divulging confidential information or performing actions that compromise security

Social engineering attacks primarily involve manipulating people through psychological tactics rather than technical exploits. The correct answer accurately describes how social engineering focuses on exploiting human behavior and trust to gain confidential information or prompt security-compromising actions.

The other options describe different types of cyber attacks:

The second option describes cryptanalysis or network sniffing attacks that focus on technological means to intercept and decrypt data.

The third option describes technical exploitation of vulnerabilities in systems and infrastructure, which is characteristic of hacking rather than social engineering.

The fourth option describes automated password cracking or authentication bypass attacks that focus on technological weaknesses in security systems.

Social engineering is distinct because it targets the human element of security through manipulation, deception, and psychological tactics rather than focusing on technical vulnerabilities.

Question 2

When conducting a penetration test, which technique involves scanning a network to identify active hosts and open ports?

Correct Answer: Port scanning

Port scanning is a reconnaissance technique used in penetration testing to probe network addresses and determine which hosts are active and which ports are open, closed, or filtered. This helps identify exposed services and potential entry points. Tools like Nmap or Masscan are commonly used for this purpose. The other options describe different attack vectors that do not involve enumerating active hosts and open ports.

Question 3

What type of attack occurs when a malicious party places themselves between two communicating entities to intercept, read, or modify data?

Correct Answer: Man-in-the-Middle (MitM) attack

The scenario describes a Man-in-the-Middle (MitM) attack, which is characterized by an attacker secretly positioning themselves between two parties who believe they are communicating directly with each other. In this position, the attacker can intercept, read, or modify the data being exchanged.

The other options are different types of attacks:

Cross-Site Request Forgery (CSRF) attacks trick authenticated users into executing unwanted actions on websites where they're already authenticated, but don't necessarily involve intercepting communications between two parties.

Session hijacking involves stealing a user's valid session token to gain unauthorized access to systems or accounts, but doesn't require positioning between two communicating entities.

DNS poisoning involves corrupting a DNS server's cache to redirect traffic to malicious websites, but this attack targets the name resolution process rather than placing the attacker between communicating parties.

More Protection of Information Assets - Security Event Management questions
206 questions (total)
Start 100 question test