Chapter 3 cyber security

Ricky is reviewing security logs to independently access security controls. Which security review process is Ricky engaging in

Audit

Curtis is conducting an audit of an identity management system. Which question is not likely to be in the scope of his audit

Does firewall properly block unsolicited network connection attempts

A SOC 1 report primarily focuses on security

False

A report indicating that a system disk is 80% full is a good indication that something is wrong in that system

False

Regarding log monitoring, false negatives our alerts that seem malicious but there are not CEO security events

False

Anthony is responsible for tuning his organizations intrusion detection system. He notices that the system reports an intrusion alert each time that an administrator connects to a server using secure cell(SSH). What battle of error is occurring

False ppsitive error

Jake up is conducting an audit of the security controls at the organization as an independent reviewer. Which question would not be part of his audit

Is the security control likely to become obsolete in the near future

Which activity is an auditor least likely to conduct during the information gathering phase of an audit

Report writing

Gina is preparing to monitor network activity using package sniffing. Which technology is most likely to interfere with this effort if used on the network

Secure socket layer (SSL)

Biyu is making arrangements to use a third-party service provider for security services. She wants to document a requirement for a timely notification of security breaches. What type of agreement is most likely to continue formal requirements of this type

Service level agreement (SLA)

What type of security would be most likely to identify an unauthorized change to a computer system

System integrity monitoring

Anomaly based intrusion detection systems compare current activity with store profiles of normal expected activity

True

Insecurity testing, reconnaissance involves reviewing assistance to learn as much as possible about the organization, it's systems, and it's networks.

True