IIBA-CCA Exam Dumps

Creating a fake website to trick individuals into entering usernames and passwords is a classic example of phishing. Phishing is a social engineering technique where an attacker impersonates a trusted entity to deceive a victim into disclosing sensitive information (credentials, personal data, payment details) or taking an action that benefits the attacker (downloading malware, approving an MFA prompt, wiring funds). A counterfeit login page is commonly used in credential-harvesting campaigns: the victim believes they are authenticating to a legitimate service, but the credentials are captured by the attacker and later used for account takeover. This is not necessarily a breach yet because the question describes an attempt to acquire credentials; a breach would be confirmed unauthorized access or disclosure. While phishing is a kind of threat, ''threat'' is too broad compared to the specific described behavior. It is also not ransomware, which focuses on encrypting or locking data and demanding payment. Cybersecurity documentation emphasizes layered defenses against phishing: user awareness training, email and web filtering, domain and certificate validation, anti-spoofing controls, strong authentication (especially MFA resistant to prompt fatigue), password managers that reduce credential entry on lookalike domains, and monitoring for suspicious logins. Because the attack relies on deception through a fake website to steal credentials, the best match is phishing.

A security information and event management system (SIEM) is designed to centralize and analyze security-relevant data to support threat detection, compliance reporting, and incident management. SIEM platforms ingest logs and telemetry from many sources such as servers, endpoints, network devices, firewalls, intrusion detection systems, identity providers, cloud services, and business applications. They normalize and correlate these events so analysts can identify suspicious patterns that would be difficult to see in isolated logs, such as repeated failed logins followed by a successful login from an unusual location, privilege escalation, lateral movement indicators, or abnormal data access.

Cybersecurity operational guidance emphasizes SIEM value in three main areas. First, detection and alerting: correlation rules, behavioral analytics, and threat intelligence enrichment help surface high-risk activity. Second, incident response support: SIEM provides timelines, evidence preservation, triage context, and query capabilities that help responders scope and contain incidents. Third, compliance and audit readiness: centralized log retention, integrity controls, and reporting demonstrate that monitoring and control requirements are operating.

The other options do not match the definition. SaaS is a delivery model, not a specific security monitoring capability. A threat risk assessment is a process, not a software product for event collection and correlation. A CASB focuses on governing and protecting cloud application usage, whereas SIEM focuses on cross-environment event aggregation, correlation, and security operations monitoring.

Functional security requirements define what security capabilities a system must provide to protect information and enforce policy. They describe required security functions such as identification and authentication, authorization, role-based access control, privilege management, session handling, auditing/logging, segregation of duties, and account lifecycle processes. Because of this, user privileges are a direct and core concern of functional security requirements: the system must support controlling who can access what, under which conditions, and with what level of permission.

In cybersecurity requirement documentation, ''privileges'' include permission assignment (roles, groups, entitlements), enforcement of least privilege, privileged access restrictions, elevation workflows, administrative boundaries, and the ability to review and revoke permissions. These are functional because they require specific system behaviors and features---for example, the ability to define roles, prevent unauthorized actions, log privileged activities, and enforce timeouts or re-authentication for sensitive operations.

The other options are typically classified differently. System reliability and performance/stability are generally non-functional requirements (quality attributes) describing service levels, resilience, and operational characteristics rather than security functions. Identified vulnerabilities are findings from assessments that drive remediation work and risk treatment; they inform security improvements but are not themselves functional requirements. Therefore, the option best aligned with functional security requirements is user privileges.

The principle of least privilege requires that users, administrators, services, and applications are granted only the minimum access necessary to perform authorized job functions, and nothing more. Option A follows this principle because the administrator's elevated permissions are limited in scope to the specific applications they are responsible for supporting. This reduces the attack surface and limits blast radius: if that administrator account is compromised, the attacker's reach is constrained to only those applications rather than the entire enterprise environment.

Least privilege is typically implemented through role-based access control, separation of duties, and privileged access management practices. These controls ensure privileges are assigned based on defined roles, reviewed regularly, and removed when no longer required. They also promote using standard user accounts for routine tasks and reserving administrative actions for controlled, auditable sessions. In addition, least privilege supports stronger accountability through logging and change tracking, because fewer people have the ability to make high-impact changes across systems.

The other scenarios violate least privilege. Option B grants excessive enterprise-wide permissions, creating unnecessary risk and enabling widespread damage from mistakes or compromise. Option C provides ''just in case'' administrative access, which cybersecurity guidance explicitly discourages because it increases exposure without a validated business need. Option D is overly broad because access to all HR files exceeds what is required for performance appraisals, which typically should be limited to relevant employee records only.

In cybersecurity risk management, impact refers to the severity of adverse consequences if a threat event occurs and successfully affects information or systems. It is the ''so what'' of a risk scenario: how much damage the organization, its customers, or other stakeholders could experience when confidentiality, integrity, or availability is compromised. Impact commonly includes multiple dimensions such as operational disruption, loss of critical services, harm to customers, legal or regulatory exposure, reputational damage, and direct and indirect financial loss. Because these consequences can extend beyond money, impact is broader than just costs and also includes mission failure, safety implications, loss of competitive advantage, and degradation of trust.

Option D captures this correctly by describing impact as the magnitude of harm expected from unauthorized use of information. Option C describes likelihood, not impact, because it focuses on probability over time. Option B is only one component of impact, since financial cost is important but does not fully represent business, legal, and operational consequences. Option A is also a possible consequence but is narrower than the full impact concept. Cybersecurity risk scoring typically combines likelihood and impact to prioritize treatment, ensuring high-impact scenarios receive attention even when probabilities vary.