Shi-No-Bu - NS - Chapter 7


What is the definition of "anomaly-based IDS"?

An intrusion detection system that compares current activity with expected "normal" activity.

What is the definition of a pattern-based IDS?

An intrusion detection system that uses pattern matching and stateful matching to compare current network activity with activity patterns/signatures of known attackers.

Which of the following is the definition of false negative?

Incorrectly identifying abnormal activity as normal

________ was developed for organizations such as insurance and medical claims processors, telecommunication service providers, managed service providers, and credit card transaction processing companies.

SAS 70

What is the definition of gray-box testing?

Security testing that is based on having limited information about an app's design.

What is a security information and event management (SIEM) system?

Software devices that assist in collecting, storing, and analyzing the contents of log files.

What is the definition of a "hardened" configuration?

The state for your system in which you have disabled or turned off unnecessary services and processes and protected the ones that are left running.

What is the definition of network mapping?

Using tools to determine the layout and services running on an organization's system and networks.

What is white-box testing?

White box testing is security testing based on having full knowledge of the source code of the app.

_________ gives you the opportunity to review your risk-management program and to confirm the program has correctly identified and reduced/addressed risks to your organization.

An audit.

A method of security testing that isn't based directly on knowledge of a program's architecture is called _____.

black-box testing

Security audits help ensure your rules and __________ are up to date, documented, and subject to change control procedures.

configurations

As your organization grows and evolves and as threats mature, it is important to make sure your ________ still meet the risk(s) you face today.

controls

What term is used to describe a reconnaissance technique that enables an attacker to use port mapping to learn the identity of a system's operating system and version?

operating system fingerprinting

Audits are necessary because of _______.

Potential liability, negligence, and mandatory regulatory compliance (all of the above).

________ provides information on what is happening as it happens.

Real-time monitoring

SOC 2 and SOC 3 primarily address _______ related controls.

security

An SOC 1 report is commonly implemented for organizations that must comply with SOX (Sarbanes-Oxley) or GLBA (Gramm-Leach-Bliley Act). (T/F)

true

Many jurisdictions require audits by law. (T/F)

true

The term "clipping level" refers to a value used in security monitoring that tells controls to ignore activity that falls under a stated value. (T/F)

true

