Quiz 7 Information Security Fundamentals
Which activity is an auditor least likely to conduct during the information-gathering phase of an audit?
Report writing
What is NOT generally a section in an audit report?
System configurations
Regarding an intrusion detection system (IDS), stateful matching looks for specific sequences appearing across several packets in a traffic stream rather than justin individual packets.
True
Which audit data collection method helps ensure that the information-gathering process covers all relevant areas?
Checklist
What type of security monitoring tool would be most likely to identify an unauthorized change to a computer system?
System integrity monitoring
Data loss prevention (DLP) uses business rules to classify sensitive information to prevent unauthorized end users from sharing it.
True
During an audit, an auditor compares the current setting of a computer or device with a benchmark to help identify differences.
True
In security testing, reconnaissance involves reviewing a system to learn as much as possible about the organization, its systems, and its networks.
True
Ricky is reviewing security logs to independently assess security controls. Which security review process is Ricky engaging in?
Audit
A report indicating that a system's disk is 80 percent full is a good indication that something is wrong with that system.
False
An SOC 1 report primarily focuses on security.
False
Committee of Sponsoring Organizations (COSO) is a set of best practices for IT management.
False
Regarding log monitoring, false negatives are alerts that seem malicious but are not real security events.
False
The four main types of logs that you need to keep to support security auditing include event, access, user, and security.
False
Anthony is responsible for tuning his organization's intrusion detection system. He notices that the system reports an intrusion alert each time that an administrator connects to a server using Secure Shell (SSH). What type of error is occurring?
False positive error
Gina is preparing to monitor network activity using packet sniffing. Which technology is most likely to interfere with this effort if used on the network?
Secure Sockets Layer (SSL)
Which intrusion detection system strategy relies upon pattern matching?
Signature detection
An auditing benchmark is the standard by which a system is compared to determine whether it is securely configured.
True
Many jurisdictions require audits by law.
True
Performing security testing includes vulnerability testing and penetration testing.
True