Chapter 3 cyber security
Ricky is reviewing security logs to independently access security controls. Which security review process is Ricky engaging in
Audit
Curtis is conducting an audit of an identity management system. Which question is not likely to be in the scope of his audit
Does firewall properly block unsolicited network connection attempts
A SOC 1 report primarily focuses on security
False
A report indicating that a system disk is 80% full is a good indication that something is wrong in that system
False
Regarding log monitoring, false negatives our alerts that seem malicious but there are not CEO security events
False
Anthony is responsible for tuning his organizations intrusion detection system. He notices that the system reports an intrusion alert each time that an administrator connects to a server using secure cell(SSH). What battle of error is occurring
False ppsitive error
Jake up is conducting an audit of the security controls at the organization as an independent reviewer. Which question would not be part of his audit
Is the security control likely to become obsolete in the near future
Which activity is an auditor least likely to conduct during the information gathering phase of an audit
Report writing
Gina is preparing to monitor network activity using package sniffing. Which technology is most likely to interfere with this effort if used on the network
Secure socket layer (SSL)
Biyu is making arrangements to use a third-party service provider for security services. She wants to document a requirement for a timely notification of security breaches. What type of agreement is most likely to continue formal requirements of this type
Service level agreement (SLA)
What type of security would be most likely to identify an unauthorized change to a computer system
System integrity monitoring
Anomaly based intrusion detection systems compare current activity with store profiles of normal expected activity
True
Insecurity testing, reconnaissance involves reviewing assistance to learn as much as possible about the organization, it's systems, and it's networks.
True
