Info Ch 10

¡Supera tus tareas y exámenes ahora con Quizwiz!

Identity Management Steps

(1) who grants approval for access requests, (2) what mechanisms are used for specific security requirements (3) whether the organization has an effective password policy and whether it is uniformly enforced (4) whether the organization has sufficient monitoring systems to detect unauthorized access (5) whether all systems are properly secured with strong authentication. Firewalls are not generally in scope for an identity management system audit.

Post-audit activities include which of the following?

All of the above: presenting findings to management, data analysis, exit interviews, reviewing of auditor's findings

Which of the following is an example of a level of permissiveness?

All of the following: prudent, permissive, promiscuous, paranoid

Port mapping

Attackers need to know what operating system a potential victim is running because the approach to attacking a system differs based on the target operating system. With operating system fingerprinting, an attacker uses port mapping to learn which operating system and version are running on a computer.

Host isolation is the isolation of internal networks and the establishment of a:

DMZ

A hardened configuration is a system that has had unnecessary services enabled. T/F

False

IT Infrastructure Library (ITIL)

a set of concepts and policies for managing IT infrastructure, development, and operations. Is published in a series of books, each covering a separate IT management topic.

When should an organization's managers have an opportunity to respond to the findings in an audit? a. Managers should not have an opportunity to b. Managers have the opportunity to respond to a draft copy of the audit report. Auditors then put that response in the final report. c. Managers should write a report after receiving the final audit report. d. Managers should write a letter to the Board following receipt of the audit report.

b. Managers have the opportunity to respond to a draft copy of the audit report. Auditors then put that response in the final report.

A ___ is a standard used to measure how effective a system is as it relates to industry expectations.

benchmark

Aditya is a network technician. He is collecting system data for an upcoming internal system audit. He is currently performing vulnerability testing to determine what weaknesses may exist in the network's security. What form of assessment is he conducting? a. Observation b. Configuration review c. Checklists d. Security testing

d. Security Testing

Isaac is responsible for performing log reviews for his organization in an attempt to identify security issues. He has a massive amount of data to review. What type of tool would best assist him with this work? a. Data loss prevention (DLP) system b. Virtual private network (VPN) c. Intrusion prevention system (IPS) d. Security information and event management (SIEM) system

d. Security information and event management (SIEM) system

Which intrusion detection system strategy relies on pattern matching? a. Statistical detection b. Traffic-based detection c. Behavior detection d. Signature detection

d. Signature detection

Prudent

This permission level allows a reasonable list of activities to take place and prohibits all other activities. This permission level is suitable for most businesses.

System integrity monitoring

Tools, such as Tripwire, enable you to watch computer systems for unauthorized changes and report them to administrators in near real time.

Some of the tools and techniques used in security monitoring include baselines, alarms, closed-circuit TV, and honeypots. T/F

True

What type of security monitoring tool would be most likely to identify an unauthorized change to a computer system? a. System integrity monitoring b. Data loss prevention c. Network intrusion detection system (IDS) d. Closed-circuit TV

a. System integrity monitoring

Security controls place limits on activities that might pose a risk to an organization. Ricky, a security engineer for his company, is performing a review and measurement of all controls to capture changes to any environment component. What is this called? a. Remediating b. Monitoring c.Auditing d. Securing

b. Monitoring

Service Organization Control (SOC) 3

is commonly required for the customers of SOC 2 service providers to verify and validate that the organization is satisfying customer private data and compliance law requirements.

A common platform for capturing and analyzing log entries is __________.

security information and event management (SIEM)

Signature detection

use rule-based detection and rely on pattern and stateful matching to compare current traffic with activity patterns of known network attacks.

_____ is used when it is not as critical to detect and respond to incidents immediately

Non-real-time monitoring

When you use a control that costs more than the risk involved, you are making a poor management decision. T/F

True

Log files can help provide evidence of normal and abnormal system activity, as well as valuable information on how well security controls are doing their jobs. Regulation, policy, or log volume might dictate how much log information to keep. If a log file is subject to litigation, how long must a company keep it? a. A minimum of seven years b. Until the case is over c. At least one year d. Until litigation starts

b. Until the case is over

Which regulatory standard would not require audits of companies in the United States? a. Sarbanes-Oxley Act (SOX) b. Payment Card Industry Data Security Standard (PCI DSS) c. Personal Information Protection and Electronic Documents Act (PIPEDA) d. Health Insurance Portability and Accountability Act (HIPAA)

c. Personal Information Protection and Electronic Documents Act (PIPEDA)

An effective audit report gets right to the point and often begins with a summary followed by the details. Because the summary may find its way outside the organization's leadership, what should auditors take care not to do? a. List the timeline for implementation of changes b. Establish baselines c. Set a follow-up schedule d. Expose security weaknesses

d. Expose Security weakness

Antonio is responsible for tuning his organization's intrusion detection system. He notices that the system reports an intrusion alert each time that an administrator connects to a server using Secure Shell (SSH). What type of error is occurring? a. Remote administration error b. False negative error c. Clipping error d. False positive erro

d. False positive error

What is a set of concepts and policies for managing IT infrastructure, development, and operations? The information is published in a series of books, each covering a separate IT management topic. a. ISO 27002 b. National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) c. Control Objectives for Information and Related Technology (COBIT) d. IT Infrastructure Library (ITIL)

d. IT Infrastructure Library (ITIL)

Monitoring

involves reviewing and measuring all controls to capture actions and changes to any environment component.

false-positive error

occurs when a system indicates malicious activity but it is not a real security event. False alarms are distractions that waste administrative effort.

The review of the system to learn as much as possible about the organization, its systems and network is known as:

reconnaissance

In ______ methods, the IDS compares current traffic with activity patterns consistent with those of a known network intrusion via pattern matching and stateful matching.

signature-based

Audit frequency

Is an important consideration. Some audits need to be done only on demand, including post-incident audits or any audit required by an external authority, such as a regulatory agency. Other audits should be conducted according to a schedule, such as annually or quarterly, which many regulations require. An organization's security policy should include the audit categories and frequency requirements for conducting audits.

What is a goal of vulnerability testing? a. Documenting the lack of security control or misconfiguration b. Identifying threats c. Exploiting vulnerabilities d. Bypassing controls

a. Documenting the lack of security control or misconfiguration

Cherilyn is a security consultant hired by a company to develop its system auditing protocols. She and the company's chief information officer (CIO) agree that audits are an important consideration. In her report to the CIO and other C-level officers of the corporation, she recommends that the security policy include audit categories and ______________ for conducting audits. a. frequency requirements b. permissions protocols c. data security standards d. appropriate security levels

a. frequency requirements

An audit examines whether security controls are appropriate, installed correctly, and __________.

addressing their purpose

Takako is a security engineer for her company's IT department. She has been tasked with developing a security monitoring system for the company's infrastructure to determine when any network activity occurs outside the norm. What essential technique does she start with? a. Alarms b. Baselines c. Intrusion detection system (IDS) d. Covert acts

b. Baselines

Lin is conducting an audit of an identity management system. Which question is not likely to be in the scope of her audit? a. Is the password policy uniformly enforced? b. Does the firewall properly block unsolicited network connection attempts? c. Does the organization have an effective password policy? d. Who grants approval for access requests?

b. Does the firewall properly block unsolicited network connection attempts?

Emily is the information security director for a large company that handles sensitive personal information. She is hiring an auditor to conduct an assessment demonstrating that her firm is satisfying requirements regarding customer private data. What type of assessment should she request? a. Statement on Auditing Standards (SAS) 70 b. Service Organization Control (SOC) 3 c. Service Organization Control (SOC) 1 d. Service Organization Control (SOC) 2

b. Service Organization Control (SOC) 3

Leola is a cybersecurity consultant hired by a company to test the effectiveness of its network's defenses. She has something in common with the malicious people who would perform the same tasks involved in _________________, except that, unlike Leola, they would not have consent to perform this action against the system. a. stateful matching b. penetration testing c. system hardening d. network access control

b. penetration testing

Jermaine is a security administrator for his company. He is developing a defense against attacks based on network-mapping methods. He prevents the Internet Control Message Protocol (ICMP) from operating to stop attackers from using ping packets to discover the network layout, but he must also guard against operating system fingerprinting since many attacks are tailored to specific operating systems. What must Jermaine be concerned about? a. Zone transfers b. Unnecessary services c. Snapshots d. Port mapping

d. Port Mapping

Christopher is designing a security policy for his mid-size company. He would like to use an approach that allows a reasonable list of activities but prohibits all other activities. Which level of permission is he planning to use? a. Promiscuous b. Paranoid c. Permissive d. Prudent

d. Prudent

Because __________, auditing every part of an organization and extending into all outsourcing partners may not be possible. a. such an extensive audit is outside of best practices recommendations b. all users should not be informed they are being audited c. all users should be informed they are being audited d. of resource constraints

d. of resource constraints (Auditing every part of an organization and extending into all outsourcing partners may not be possible because of resource constraints. Auditors should give the highest-risk areas the top priority.)

Baselines

essential in security monitoring. To recognize something as abnormal, you first must know what normal looks like.

Security information and event management (SIEM) system

help organizations manage the explosive growth of log files. Provide a platform to capture and analyze log data from many different sources.

Vulnerability Testing

identifying vulnerabilities (passively), documenting the lack of security control or misconfiguration, and examining vulnerabilities related to credentialed and noncredentialed users.

Security Testing

includes vulnerability testing and penetration testing and involves gathering technical info to determine whether vulnerabilities exist in security components, networks, or applications


Conjuntos de estudio relacionados

Ch. 13 arterial blood collection

View Set

Interpersonal Communication Final

View Set

Lecture 13 LaunchPad Assignment BIO 2170

View Set

NURSING Fundamentals. Chapter 26 & 27.

View Set

Cyber Security Chapter 7-11 flash cards

View Set

Chapter 14: Infection, Infectious Diseases, and Epidemiology

View Set