Security Audit QuizOnline version Audit-focused questions by Jorge Carrillo. PhD 1 A multinational bank plans to retain customer ciphertext for 25 years. The encryption uses RSA-2048. From a 2026 audit perspective, the MOST critical recommendation is to: a Initiate a cryptographic inventory and plan a hybrid migration to a NIST PQC standard such as ML-KEM b Move to RSA-4096 immediately c Replace TLS with IPsec d Accept the residual risk because quantum computers do not yet exist 2 An IS auditor discovers that an enterprise's CI/CD pipeline signs container images with a key stored as a plaintext GitHub Actions secret. The PRIMARY risk is: a Slow build times b Loss of code signing integrity leading to undetectable supply-chain injection of malicious images c Increased storage costs d Violation of the EU AI Act 3 Investigation reveals that an attacker compromised a federated identity by obtaining a valid refresh token through a malicious OAuth consent screen on a lookalike domain. This attack is BEST classified as: a Illicit consent grant / token theft b b) Pass-the-Hash c a) Kerberoasting d d) SQL injection 4 Under the CISA Zero Trust Maturity Model 2.0, which characteristic MOST clearly distinguishes the "Optimal" stage of the Identity pillar from "Advanced"? a Use of passwords with at least 12 characters b Continuous, automated risk-based authentication with just-in-time access and full identity-lifecycle automation c Use of a single identity provider d Periodic MFA at login 5 During a wireless audit, the auditor notes that the enterprise uses WPA3-SAE with a shared passphrase for all employees. The MOST appropriate recommendation is to: a Rotate the passphrase monthly only b Disable MAC filtering c Downgrade to WPA2-PSK for compatibility d Migrate to WPA3-Enterprise with 802.1X\/EAP-TLS and device certificates * 6 An IaaS customer is breached when an S3 bucket containing backups is made public due to an IaC misconfiguration. When allocating accountability under the shared responsibility model, the MOST accurate statement is: a Responsibility depends on the data's sensitivity only b The customer is responsible; access configuration and data classification are customer obligations * c Responsibility is shared equally d The cloud provider is fully responsible because the storage service is theirs 7 An enterprise uses an AI assistant embedded in its CRM. Employees paste customer PII into the assistant to summarize support cases. The MOST material control gap from an audit perspective is: a Absence of network segmentation b Lack of encryption at rest on the CRM database c Absence of a data-classification and AI Acceptable Use Policy with DLP enforcement at the AI gateway * d Weak wireless encryption 8 A penetration test finds that an attacker who gains any Active Directory user credentials can request service tickets and escalate to Domain Admin because a service account with SPN has the password "Summer2024!" set ten years ago. The BEST remediation is: a Remove all service accounts from the domain b Require MFA on the domain controller console only c Disable Kerberos entirely d Enforce 25+ character random passwords on SPN-bearing accounts, use Group Managed Service Accounts (gMSA), and monitor for anomalous TGS requests * 9 An auditor reviews a SASE deployment and finds that TLS inspection is disabled for all traffic due to privacy concerns. The GREATEST resulting risk is: a Certificate expiration b IPv6 incompatibility c Increased latency d Inability to detect command-and-control, data exfiltration and malware delivery that rides encrypted channels * 10 An IS auditor is asked to assess the risk of "harvest now, decrypt later" against VPN traffic protecting M&A negotiations. Which single factor MOST increases the risk rating? a The VPN terminates on a hardware appliance b The expected secrecy lifetime of the data exceeds the projected arrival of a cryptographically relevant quantum computer * c The traffic includes voice over IP d The VPN uses AES-256 for bulk encryption 11 Which observation would MOST clearly indicate a failure of crypto-agility in an enterprise? a Quarterly key rotation b A five-year project is required to replace a single hash algorithm because it is hard-coded across applications * c Use of hardware security modules d Use of both AES and ChaCha20
