ITM 350- Chapter 10 quiz study guide

¡Supera tus tareas y exámenes ahora con Quizwiz!

what is AICPA?

American Institute of Certified Public Accountants has developed a cybersecurity risk management reporting framework that assists organizations as they communicate relevant and useful information about the effectiveness of their cybersecurity risk management programs.

Ricky is reviewing security logs to independently asses security controls. which security review process is Ricky engaging in?

Audit

Takako is a security engineer for her company's IT department. She has been tasked with developing a security monitoring system for the company's infrastructure to determine when any network activity occurs outside the norm. What essential technique does she start with?

Baselines

An effective audit report gets right to the point and often begins with a summary followed by the details. Because the summary may find its way outside the organization's leadership, what should auditors take care not to do?

Expose security weaknesses

True or False? A best practice is the standard collection of configuration settings or performance metrics to which a system is compared to determine whether it is securely configured.

False

true or false: An SOC 1 report primarily focuses on security and privacy controls.

False

What is a HIDS?

Host based Intrusion Detection System is a software processes or services designed to run on server computers

What is a set of concepts and policies for managing IT infrastructure, development, and operations? The information is published in a series of books, each covering a separate IT management topic.

IT Infrastructure Library (ITIL)

Jacob is conducting an audit of the security controls at an organization as an independent reviewer. Which question would NOT be part of his audit?

Is the security control likely to become obsolete in the near future?

When should an organization's managers have an opportunity to respond to the findings in an audit?

Managers have the opportunity to respond to a draft copy of the audit report. Auditors then put that response in the final report.

Security controls place limits on activities that might pose a risk to an organization. Ricky, a security engineer for his company, is performing a review and measurement of all controls to capture changes to any environment component. What is this called?

Monitoring

____ is a network intrusion detection system, which monitors traffic, that gets through the firewall to detect malicious activity

NIDS

Jermaine is a security administrator for his company. He is developing a defense against attacks based on network-mapping methods. He prevents the Internet Control Message Protocol (ICMP) from operating to stop attackers from using ping packets to discover the network layout, but he must also guard against operating system fingerprinting since many attacks are tailored to specific operating systems. What must Jermaine be concerned about?

Port mapping

Isaac is responsible for performing log reviews for his organization in an attempt to identify security issues. He has a massive amount of data to review. What type of tool would best assist him with this work?

Security information and event management (SIEM) system

Aditya is a network technician. He is collecting system data for an upcoming internal system audit. He is currently performing vulnerability testing to determine what weaknesses may exist in the network's security. What form of assessment is he conducting?

Security testing

True or False? American Institute of Certified Public Accountants (AICPA) Service Organization Control (SOC) 2 reports are commonly implemented for service providers, hosted data centers, and managed cloud computing providers.

True

True or False? An American Institute of Certified Public Accountants (AICPA) Service Organization Control (SOC) 1 report is commonly implemented for organizations that must comply with Sarbanes-Oxley (SOX) or the Gramm-Leach-Bliley Act (GLBA).

True

True or False? An American Institute of Certified Public Accountants (AICPA) Service Organization Control (SOC) 3 report is intended for public consumption.

True

True or False? An auditing benchmark is the standard by which a system is compared to determine whether it is securely configured.

True

True or False? Data loss prevention (DLP) uses business rules to classify sensitive information to prevent unauthorized end users from sharing it.

True

True or False? When planning an IT audit, one must ensure that the areas not reviewed in the current audit will be subject to another audit.

True

true or false: A SOC 1 report is commonly implemented for organizations that must comply with a Sarbanes-Oxley (SOX) or the Gramm-Leach-Bliley

True

true or false: The Committee of Sponsoring Organizations (COSO) of the Treadway Commission is a volunteer-run organization that gives guidance to executive management and government entities on critical aspects of organizational governance, business ethics, internal control, enterprise risk, fraud, and financial reporting.

True

true or false: anomaly-based intrusion detection systems compare current activity with stored profiles of normal (expected) activity

True

Log files can help provide evidence of normal and abnormal system activity, as well as valuable information on how well security controls are doing their jobs. Regulation, policy, or log volume might dictate how much log information to keep. If a log file is subject to litigation, how long must a company keep it?

Until the case is over

True or false: the four main types of logs that you need to keep to support security auditing include event, access, user, and security

false

true or false: False negatives are known as TYPE 1 errors. Alerts seem malicious yet are not real security events

false

Cherilyn is a security consultant hired by a company to develop its system auditing protocols. She and the company's chief information officer (CIO) agree that audits are an important consideration. In her report to the CIO and other C-level officers of the corporation, she recommends that the security policy include audit categories and ______________ for conducting audits.

frequency requirements

Because __________, auditing every part of an organization and extending into all outsourcing partners may not be possible.

of resource contraints

what means very few things are permitted and all other are prohibited and carefully monitored

paranoid

Leola is a cybersecurity consultant hired by a company to test the effectiveness of its network's defenses. She has something in common with the malicious people who would perform the same tasks involved in _________________, except that, unlike Leola, they would not have consent to perform this action against the system.

penetration testing

an attacker uses ____ to learn which operating system and version are running on a computer

port mapping

what means everything is allowed

promiscuous

what means a reasonable list of things is permitted, and all other are prohibited

prudent

Which activity is an auditor least likely to conduct during the information-gathering phase of an audit?

report writing

Gina is preparing to monitor network activity using packet sniffing. Which technology is most likely to interfere with this effort if used on the network?

secure sockets layer (SSL)

Security (CIA) and privacy controls. Management,r egulators, stakeholders. This is commonly implemented for service providers, hosted data centers, and manged cloud computing providers

soc 2

what is not generally a section in an audit report?

system configurations

True or false: A SIEM is a security information and event management system that helps organizations manage the explosive growth of their log files by providing a common platform to capture and analyze entries.

true

if an event is in the middle of litigation, how ling should the organization keep the event logs?

until the litigation is over

true or false: performing security testing includes vulnerability testing and penetration testing

true

Anthony is responsible for tuning his organization's intrusion detection system. He notices that the system reports an intrusion alert each time an administrator connects to a server using Secure Shell (SSH). What type of error is occurring?

False positive error

what is NIDS?

Network-based Intrusion Detection System *sits on the network like a sniffer with a rule set *benefit of NIDS is its scalability *NIDS is passive by default (sets off alerts)

Lin is conducting an audit of an identity management system. Which question is not likely to be in the scope of her audit? Does the organization have an effective password policy? Who grants approval for access requests? Does the firewall properly block unsolicited network connection attempts? Is the password policy uniformly enforced?

Does the firewall properly block unsolicited network connection attempts?

True or False? Committee of Sponsoring Organizations (COSO) is a set of best practices for IT management.

False

True or False? Regarding security controls, the four most common permission levels are poor, permissive, prudent, and paranoid.

False

True or False? Signature-based intrusion detection systems (IDSs) compare current activity with stored profiles of normal (expected) activity.

False

true or false: A HIDS can detect inappropriate traffic that origniates INSDIE the network and recongize an anomaly that is specific to a particular machine or user

True

Security (CIA) and privacy controls. This is commonly required for the customers of SOC 2 service providers to verify and validate that the organization is satisfying customer private data and compliance law such as HIPPA and GLBA

soc 3

what is SOC?

Service organization control or security operations center

What is a goal of vulnerability testing?

Documenting the lack of security control or misconfiguration

True or False? Regarding log monitoring, false negatives are alerts that seem malicious but are not real security events.

False

Christopher is designing a security policy for his mid-size company. He would like to use an approach that allows a reasonable list of activities but prohibits all other activities. Which level of permission is he planning to use?

Prudent

Internal controls over financial reporting. Users & auditors. This is commonly implemented for organizations that must comply with Sarbanes-Oxley (SOX) or Gramm-Leach-Bliley Act (GLBA)

SOC 1

Which intrusion detection system strategy relies on pattern matching?

Signature detection

Fran is conducting a security test of a new application. She does not have any access to the source code or other details of the application she is testing. What type of test is Fran conducting?

black-box test

Which security testing activity uses tools that scan for services running on systems?

network mapping

True or false: Many jurisdictions require audits by law

true

true or false: Baselines can tell you what normal looks like in relation to security monitoring

true

true or false: During an audit, an auditor compares the current setting of a computer or device with a benchmark to help identify differences

true

true or false: In security testing, reconnaissance involves reviewing a system to learn as much as possible about the organization, its systems, and its networks

true

true or false: SOC 2 reports are crested for internal and other authorized stakeholders and are commonly implemented for service providers, hosted data centers, and managed cloud computing providers

true

___ is a host based intrusion detection system

HIDS

what means anything not specifically prohibited is okay

permissive

True or False? A host-based intrusion detection system (HIDS) can recognize an anomaly that is specific to a particular machine or user.

True

True or False? After audit activities are completed, auditors perform data analysis.

True

True or False? During an IT audit, security controls are checked to ensure they are effective, reliable, and functioning as required and expected.

True

True or False? During the planning and execution phases of an audit, an auditor will most likely review risk analysis output.

True

True or False? ISO 27002 is a best-practices document that gives guidelines for information security management.

True

True or False? One way to harden a system is to turn off or disable unnecessary services.

True

True or False? Regarding an intrusion detection system (IDS), stateful matching looks for specific sequences appearing across several packets in a traffic stream, rather than just in individual packets.

True

True or False? The purpose of a security audit is to make sure computing environments and security controls work as expected.

True

What information should an auditor share with the client during an exit interview?

details of major issues

True or false: Before deploying a IDS or IPS, you need to create a baseline in order for it to be effective

true

True or False? A report indicating that a system's disk is 80 percent full is a good indication that something is wrong with that system.

False

Antonio is responsible for tuning his organization's intrusion detection system. He notices that the system reports an intrusion alert each time that an administrator connects to a server using Secure Shell (SSH). What type of error is occurring?

False positive error

Which regulatory standard would not require audits of companies in the United States?

Personal Information Protection and Electronic Documents Act (PIPEDA)

Emily is the information security director for a large company that handles sensitive personal information. She is hiring an auditor to conduct an assessment demonstrating that her firm is satisfying requirements regarding customer private data. What type of assessment should she request?

Service Organization Control (SOC) 3

What type of security monitoring tool would be most likely to identify an unauthorized change to a computer system?

System integrity monitoring

True or false: Splunk is a SIEM that offers free training for college students and certification options

True

a ___ is the standard collection of configuration settings or performance metrics to which a system is compared to determine whether it is securely configured

benchmark

Which audit data collection method helps ensure that the information-gathering process covers all relevant areas?

checklist

true or false: False Positives are known as TYPE II errors, it fails to catch suspicious behavior

false

which item is an auditor least likely to review during a system controls audit?

resumes of systems administrators

how often should audits be conducted?

- as required by regulatory agency - according to so schedule -weekly for server logs - daily for IDS/IPS logs

According to the AICPA, how many levels are there for SOC reports?

3


Conjuntos de estudio relacionados

EMT Chapter 33: Obstetrics and Neonatal Care

View Set

Chapter 12 - Restraint Alternatives and Safe Restraint Use (textbook)

View Set

Chapter 14: Eating Disorders: Risk to Nutrition

View Set

Simulation Lab 11.1: Module 11 Harden PC with Group Policy Editor

View Set