Chapter 7 (Test 2)


A SOC 1 report primarily focuses on internal controls over security. True or False?

F

Although SAS 70 was general in its scope, the standard did address many of the emerging issues encountered in today's service organizations. True or False?

F

Network mapping is a technique of matching network traffic with rules or signatures based on appearance of the traffic and its relationship to other packets. True or False?

F

The audit itself sets new policies. True or false?

F

A SOC 1 report is commonly implemented for organizations that must comply with Sarbanes-Oxley (SOX) or the Gramm-Leach-Bliley Act (GLBA). True or False?

T

A benchmark is the standard by which a system is compared to determine whether it is securely configured. One technique in an audit is to compare the current setting of a computer or device with a benchmark to help identify differences. True or False?

T
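The benchmark comparison described above, as an added worked example (not code from the original page). The benchmark keys, the comparison modes, and the sample host settings are all constructed for illustration and do not correspond to any published benchmark; a real audit would load the expected values from the benchmark document and pull the current values from the host.

```python
"""Compare a host's current settings against a benchmark to find drift.

Added example; not from the original page. The benchmark keys, values and
the sample "current" settings below are constructed for illustration and
do not correspond to any published benchmark.
"""

# Constructed benchmark: setting -> (expected value, comparison mode)
# "eq" means the value must match exactly; "min"/"max" set numeric bounds.
BENCHMARK = {
    "PasswordMinLength": (14, "min"),
    "PasswordMaxAgeDays": (90, "max"),
    "AccountLockoutThreshold": (5, "max"),
    "SSHPermitRootLogin": ("no", "eq"),
    "SSHProtocol": (2, "eq"),
    "TelnetServiceEnabled": (False, "eq"),
    "AuditLogRetentionDays": (365, "min"),
}


def check_setting(name, current, expected, mode):
    """Return True if `current` satisfies the benchmark rule for this setting."""
    if mode == "eq":
        return current == expected
    if mode == "min":
        return current >= expected
    if mode == "max":
        return current <= expected
    raise ValueError(f"unknown comparison mode {mode!r} for {name}")


def compare_to_benchmark(current_settings, benchmark=BENCHMARK):
    """Return a list of findings for settings that are missing or fail the benchmark.

    A setting that is absent from the collected data is reported as a finding:
    an unset control cannot be assumed compliant.
    """
    findings = []
    for name, (expected, mode) in benchmark.items():
        if name not in current_settings:
            findings.append({"setting": name, "status": "missing",
                             "expected": expected, "current": None})
            continue
        current = current_settings[name]
        if not check_setting(name, current, expected, mode):
            findings.append({"setting": name, "status": "noncompliant",
                             "expected": expected, "current": current})
    return findings


def compliance_summary(current_settings, benchmark=BENCHMARK):
    """Count checked/passed/failed controls for one host."""
    total = len(benchmark)
    failed = len(compare_to_benchmark(current_settings, benchmark))
    return {"checked": total, "passed": total - failed, "failed": failed}


# Constructed sample: what an auditor might collect from one host.
SAMPLE_HOST = {
    "PasswordMinLength": 8,          # below the 14-character minimum
    "PasswordMaxAgeDays": 90,        # exactly at the limit: compliant
    "AccountLockoutThreshold": 10,   # above the maximum of 5
    "SSHPermitRootLogin": "no",
    "SSHProtocol": 2,
    "TelnetServiceEnabled": True,    # unnecessary service still enabled
    # AuditLogRetentionDays deliberately absent -> reported as missing
}

if __name__ == "__main__":
    for f in compare_to_benchmark(SAMPLE_HOST):
        print(f"{f['status']:<13} {f['setting']}: "
              f"expected {f['expected']!r}, found {f['current']!r}")
    print(compliance_summary(SAMPLE_HOST))
```

The point of treating a missing setting as a finding rather than skipping it is that benchmark comparison only tells you about differences you actually measured; silently passing an unmeasured control is the kind of gap a later audit would flag.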

Auditors often do a substantial amount of work preparing for an audit. True or False?

T

SAS 70 was officially retired in June 2011 and was superseded and enhanced by the Statement on Standards for Attestation Engagements No. 16 (SSAE 16), which is now the predominant auditing and reporting standard for service organizations. True or False?

T

SOC 3 reports are intended for public consumption. True or False?

T

The following are all methods of collecting data: questionnaires, interviews, observation, and checklists. True or False?

T

If knowing about an audit changes user behavior, an audit will ______________. a. Not be accurate b. Not be required c. Skew results d. Be more accurate

a

Which of the following is the definition of anomaly-based IDS? a. An intrusion detection system that compares current activity with stored profiles of normal (expected) activity b. The state of a computer or device in which you have turned off or disabled unnecessary services and protected the ones that are still running c. An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders d. Using tools to determine the layout and services running on an organization's systems and networks

a

Which of the following is the definition of pattern-based IDS? a. An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders b. A technique of matching network traffic with rules or signatures based on the appearance of the traffic and its relationship to other packets c. Software and devices that assist in collecting, storing, and analyzing the contents of log files d. The state of a computer or device in which you have turned off or disabled unnecessary services and protected the ones that are still running

a

One of the best ways to avoid wasting your organization's resources is to ensure that you follow the __________ review cycle. a. Audit b. Security c. Benchmark d. Monitoring

b

What term is used to describe a reconnaissance technique that enables an attacker to use port mapping to learn which operating system and version are running on a computer? a. False negative b. Operating system fingerprinting c. Security Information and Event Management (SIEM) system d. Network mapping

b

Which of the following defines network mapping? a. A process of finding weaknesses in a system and determining which places may be attack points b. Using tools to determine the layout and services running on an organization's systems and networks c. The standard by which your computer or device is compared to determine if it's securely configured d. A method of security testing that isn't based directly on knowledge of a program's architecture

b

Which of the following is known as stateful matching? a. Security testing that is based on limited knowledge of an application's design b. A technique of matching network traffic with rules or signatures based on the appearance of the traffic and its relationship to other packets c. Using tools to determine the layout and services running on an organization's systems and networks d. A method of security testing that isn't based directly on knowledge of a program's architecture

b
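The three detection approaches defined in the questions above (anomaly-based IDS, pattern-based IDS, and stateful matching), run side by side over the same constructed connection log. This is an added example, not code from the original page; the events, signatures, baseline profile and thresholds are all constructed for illustration. Each engine catches something the others miss: the signature finds a single malicious request, the stateful rule finds a port scan that no single packet reveals, and the anomaly profile flags the scanning host by volume while saying nothing about the one-line traversal attempt.

```python
"""Signature, stateful, and anomaly-based detection over one constructed log.

Added example; not from the original page. Events, signatures, baseline
and thresholds are constructed for illustration.
"""
from collections import defaultdict, deque
from statistics import mean, pstdev

# Constructed events: (time_seconds, src_ip, dst_port, payload)
EVENTS = [
    (0,  "10.0.0.5",  80,  b"GET /index.html"),
    (1,  "10.0.0.5",  80,  b"GET /about.html"),
    (2,  "10.0.0.7",  443, b"TLS handshake"),
    (3,  "10.0.0.9",  80,  b"GET /../../etc/passwd"),   # one request matching a known signature
    (4,  "10.0.0.5",  80,  b"GET /contact.html"),
    # one source probing many ports in a few seconds: only the relationship
    # between packets is suspicious, which is what stateful matching looks for
    (10, "10.0.0.42", 21,  b""),
    (10, "10.0.0.42", 22,  b""),
    (11, "10.0.0.42", 23,  b""),
    (11, "10.0.0.42", 25,  b""),
    (12, "10.0.0.42", 80,  b""),
    (12, "10.0.0.42", 443, b""),
    (30, "10.0.0.7",  443, b"TLS handshake"),
]

# Constructed signatures (substrings) of known attack traffic
SIGNATURES = {
    "directory-traversal": b"../..",
    "windows-shell": b"cmd.exe",
}


def signature_matches(events, signatures=SIGNATURES):
    """Pattern matching: flag any single event whose payload contains a known signature."""
    hits = []
    for t, src, _port, payload in events:
        for name, pattern in signatures.items():
            if pattern in payload:
                hits.append((t, src, name))
    return hits


def stateful_port_scan(events, distinct_ports=5, window=5):
    """Stateful matching: one source touching >= distinct_ports different ports
    within `window` seconds. Each packet is harmless alone; the sequence is not."""
    recent = defaultdict(deque)   # src -> deque of (time, port) inside the window
    alerts, alerted = [], set()
    for t, src, port, _payload in events:
        q = recent[src]
        q.append((t, port))
        while q and t - q[0][0] > window:   # drop events older than the window
            q.popleft()
        if len({p for _, p in q}) >= distinct_ports and src not in alerted:
            alerts.append((t, src, "port-scan"))
            alerted.add(src)                # alert once per source, not per packet
    return alerts


def anomaly_detect(events, baseline, window=60, sigma=3.0):
    """Anomaly-based: compare each source's event count in the first `window`
    seconds with a stored profile of normal counts (mean + sigma * stdev).
    `baseline` is the list of per-window counts seen during a learning period."""
    threshold = mean(baseline) + sigma * pstdev(baseline)
    counts = defaultdict(int)
    for t, src, _port, _payload in events:
        if t < window:
            counts[src] += 1
    flagged = [(src, n) for src, n in counts.items() if n > threshold]
    return flagged, threshold


# Constructed learning-period profile: events per source per minute on a quiet day
BASELINE = [2, 3, 2, 4, 3, 2, 3, 3]

if __name__ == "__main__":
    print("signature hits:", signature_matches(EVENTS))
    print("stateful alerts:", stateful_port_scan(EVENTS))
    flagged, thr = anomaly_detect(EVENTS, BASELINE)
    print(f"anomaly threshold {thr:.2f}/min, flagged: {flagged}")
```

Note that the anomaly engine never sees the traversal request from 10.0.0.9: one request is well within the learned profile, so on its own that engine produces a false negative for it. That is why the pattern-based definition above pairs signature matching with stateful matching, and why production deployments usually run more than one of these approaches.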

A method of security testing that isn't based directly on knowledge of a program's architecture is the definition of ______________. a. Anomaly-based IDS b. Gray-box testing c. Black-box testing d. Security Information and Event Management (SIEM) system

c

As your organization evolves and as threats mature, it is important to make sure your ____________ still meet(s) the risks you face today. a. Configuration b. Monitoring c. Controls d. Settings

c

SOC 2 and SOC 3 reports both address primarily __________ -related controls. a. Communication b. Financial reporting c. Security d. Management

c

Security audits help ensure that your rules and ___________ are up-to-date, documented, and subject to change control procedures. a. Applications b. Mitigation activities c. Configurations d. Recommendations

c

Which of the following is the definition of hardened configuration? a. Using tools to determine the layout and services running on an organization's systems and networks b. A method of security testing that isn't based directly on knowledge of a program's architecture c. The state of a computer or device in which you have turned off or disabled unnecessary services and protected the ones that are still running d. Incorrectly identifying abnormal activity as normal

c

Which of the following is the definition of white-box testing? a. An act carried out in secrecy b. Software and devices that assist in collecting, storing, and analyzing the contents of log files c. Security testing that is based on knowledge of the application's design and source code d. Analysis of activity as it is happening

c

_____________ provides information on what is happening as it happens. a. Security b. Vulnerability testing c. Real-time monitoring d. Pattern-based (or signature-based) IDS

c

Audits are necessary because of ____________. a. Mandatory regulatory compliance b. Potential liability c. Negligence d. All of the above

d

It is essential to match your organization's required __________________ with its security structure. a. Operating system b. Recommendations c. Monitoring d. Permission level

d

The __________ framework defines the scope and contents of three levels of audit reports. a. Permission-level b. Zone transfer c. Real-time monitoring d. Service organization control (SOC)

d

The primary difference between SOC 2 and SOC 3 reports is ______________. a. Their focus b. Their length c. The number of auditors involved d. Their audience

d

What is a Security Information and Event Management (SIEM) system? a. An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders b. An intrusion detection system that compares current activity with stored profiles of normal (expected) activity c. Security testing that is based on knowledge of the application's design and source code d. Software and devices that assist in collecting, storing, and analyzing the contents of log files

d

What is meant by gray-box testing? a. A technique of matching network traffic with rules or signatures based on the appearance of the traffic and its relationship to other packets b. Analysis of activity as it is happening c. Any activities designed to reduce the severity of a vulnerability or remove it all together d. Security testing that is based on limited knowledge of an application's design

d

Which of the following is the definition of false negative? a. Analysis of activity as it is happening b. The process of gathering the wrong information c. A method of security testing that isn't based directly on knowledge of a program's architecture d. Incorrectly identifying abnormal activity as normal

d
