Fund of Cyb - Chpt 7
false
An SOC 1 report primarily focuses on security.
prudent
Christopher is designing a security policy for his organization. He would like to use an approach that allows a reasonable list of activities but does not allow other activities. Which permission level is he planning to use?
Does the firewall properly block unsolicited network connection attempts?
Curtis is conducting an audit of an identity management system. Which question is NOT likely to be in the scope of his audit?
true
Data loss prevention (DLP) uses business rules to classify sensitive information to prevent unauthorized end users from sharing it.
true
During an audit, an auditor compares the current setting of a computer or device with a benchmark to help identify differences.
true
In security testing data collection, observation is the input used to differentiate between paper procedures and the way the job is really done.
true
In security testing, reconnaissance involves reviewing a system to learn as much as possible about the organization, its systems, and its networks.
false
The four main types of logs that you need to keep to support security auditing include event, access, user, and security.
Signature detection
Which intrusion detection system strategy relies upon pattern matching?
Secure Sockets Layer (SSL
Gina is preparing to monitor network activity using packet sniffing. Which technology is most likely to interfere with this effort if used on the network?
true
Anomaly-based intrusion detection systems compare current activity with stored profiles of normal (expected) activity.
Details on major issues
What information should an auditor share with the client during an exit interview?
Managers should include their responses to the draft audit report in the final audit report.
When should an organization's managers have an opportunity to respond to the findings in an audit?
report writing
Which activity is an auditor least likely to conduct during the information-gathering phase of an audit?
false
A report indicating that a system's disk is 80 percent full is a good indication that something is wrong with that system.
true
After audit activities are completed, auditors perform data analysis.
false
Committee of Sponsoring Organizations (COSO) is a set of best practices for IT management.
true
During the planning and execution phases of an audit, an auditor will most likely review risk analysis output.
false
During the secure phase of a security review, you review and measure all controls to capture actions and changes on the system.
spc 3
Emily is the information security director for a large company that handles sensitive personal information. She is hiring an auditor to conduct an assessment demonstrating that her firm is satisfying requirements regarding customer private data. What type of assessment should she request?
System Configuration
What is NOT generally a section in an audit report?
IT Infrastructure Library
What is a set of concepts and policies for managing IT infrastructure, development, and operations?
System integrity monitoring
What type of security monitoring tool would be most likely to identify an unauthorized change to a computer system?
Checklist
Which audit data collection method helps ensure that the information-gathering process covers all relevant areas?
Resumes of system administrators
Which item is an auditor least likely to review during a system controls audit?
Personal Information Protection and Electronic Documents Act (PIPEDA)
Which regulatory standard would NOT require audits of companies in the United States?
network mapping
Which security testing activity uses tools that scan for services running on systems?
true
An SOC 1 report is commonly implemented for organizations that must comply with Sarbanes-Oxley (SOX) or the Gramm-Leach-Bliley Act (GLBA).
true
Performing security testing includes vulnerability testing and penetration testing.
false
Regarding security controls, the four most common permission levels are poor, permissive, prudent, and paranoid.
adult
Ricky is reviewing security logs to independently assess security controls. Which security review process is Ricky engaging in?
true
SOC 2 reports are created for internal and other authorized stakeholders and are commonly implemented for service providers, hosted data centers, and managed cloud computing providers.
Is the security control effective in addressing the risk it was designed to address?
Jacob is conducting an audit of the security controls at an organization as an independent reviewer. Which question would NOT be part of his audit?
true
An auditing benchmark is the standard by which a system is compared to determine whether it is securely configured.
False positive error
Anthony is responsible for tuning his organization's intrusion detection system. He notices that the system reports an intrusion alert each time that an administrator connects to a server using Secure Shell (SSH). What type of error is occurring?
true
Security information and event management (SIEM)
black-box test
Fran is conducting a security test of a new application. She does not have any access to the source code or other details of the application she is testing. What type of test is Fran conducting?
Security information and event management (SIEM)
Isaac is responsible for performing log reviews for his organization in an attempt to identify security issues. He has a massive amount of data to review. What type of tool would best assist him with this work?
true
Regarding an intrusion detection system (IDS), stateful matching looks for specific sequences appearing across several packets in a traffic stream rather than justin individual packets.
false
Regarding log monitoring, false negatives are alerts that seem malicious but are not real security events.