Security ch 7

black box testing

A method of security testing that isn't based directly on knowledge of a program's architecture.

Vulnerability testing

A process of finding the weaknesses in a system and determining which places may be attack points.

Operating system fingerprinting

A reconnaissance technique that enables an attacker to use port mapping to learn which operating system and version is running on a computer.

Stateful matching

A technique of matching network traffic with rules or signatures based on the appearance of the traffic and its relationship to other packets.

Which of the following is known as stateful matching?

A technique of matching network traffic with rules or signatures based on the appearance of the traffic and its relationship to other packets. Looks for sequences appearing across several packets in a traffic stream.

Penetration testing

A testing method that tries to exploit a weakness in the system to prove that an attacker could successfully penetrate it.

Zone transfer

A unique query of a DNS server that asks it for the contents of its zone.

Covert act

An act carried out in secrecy.

Overt act

An act carried out in the open.

________gives you the opportunity to review your risk-management program and to confirm that the program has correctly identified and reduced (or otherwise addressed) the risks to your organization.

An audit

Anomaly-based IDS

An intrusion detection system that compares current activity with stored profiles of normal (expected) activity.

Pattern-(Signature-) based IDS

An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders.

Real time monitoring

Analysis of activity as it is happening.

Mitigation activities

Any activities designed to reduce the severity of a vulnerability or remove it altogether.

(T/F) The audit itself sets new policies.

False

False negative

Incorrectly identifying abnormal activity as normal.

Which of the following is the definition of false negative?

Incorrectly identifying abnormal activity as normal.

False positive

Incorrectly identifying normal activity as abnormal.

_________ was developed for organizations such as insurance and medical claims processors, telecommunication service providers, managed services providers, and credit card transaction processing companies.

SAS 70

Which of the following is the definition of white-box testing?

Security testing that is based on knowledge of the application’s design and source code.

White box testing

Security testing that is based on knowledge of the application's design and source code.

Gray box testing

Security testing that is based on limited knowledge of an application's design.

Security Information and Event Management (SIEM) system

Software and devices that assist in collecting, storing, and analyzing the contents of log files.

Reconnaissance

The process of gathering information.

Hardened configuration

The state of a computer or device in which you have turned off or disabled unnecessary services and protected the ones that are still running.

Which of the following is the definition of hardened configuration?

The state of a computer or device in which you have turned off or disabled unnecessary services and protected the ones that are still running.

(T/F) An SOC 1 report is commonly implemented for organizations that must comply with Sarbanes-Oxley (SOX) or the Gramm-Leach-Bliley Act (GLBA).

True

Which of the following defines network mapping?

Using tools to determine the layout and services running on an organization’s systems and networks.

Network mapping

Using tools to determine the layout and services running on an organization's systems and networks.

Security audits help ensure that your rules and __________ are up to date, documented, and subject to change control procedures.

configurations

As your organization evolves and as threats mature, it is important to make sure your __________ still meet(s) the risks you face today.

controls

(T/F) An SOC 1 report primarily focuses on internal controls over security.

false

It's essential to match your organization's required __________ with its security structure.

permission level

________ provides information on what is happening as it happens.

real time monitoring

Audits also often look at the current configuration of a system as a snapshot in time to verify that it complies with ________.

standards

The primary difference between SOC 2 and SOC 3 reports is ________.

their audience

(T/F) A benchmark is the standard by which a system is compared to determine whether it is securely configured. One technique in an audit is to compare the current setting of a computer or device with a benchmark to help identify differences.

true

(T/F) Auditors often do a substantial amount of work preparing for an audit.

true

Many jurisdictions require audits by law.

true

SAS70 was officially retired in June 2011 and was superseded and enhanced by the Statement of Standards for Attestation Engagements Number 16 (SSAE 16), which is now the predominant auditing and reporting standard for service organizations.

true

SOC 3 reports are intended for public consumption.

true

Tests should be as "real" as possible and therefore should be run against production networks and systems to the degree possible without impairing system operations.

true

Clipping level

A value used in security monitoring that tells controls to ignore activity that falls below a stated value.

If knowing about an audit changes user behavior, an audit will ____________.

not be accurate

(T/F) Network mapping is a technique of matching network traffic with rules or signatures based on the appearance of the traffic and its relationship to other packets.

false

