Security ch 7
black box testing
A method of security testing that isn't based directly on knowledge of a program's architecture.
Vulnerability testing
A process of finding the weaknesses in a system and determining which places may be attack points.
Operating system fingerprinting
A reconnaissance technique that enables an attacker to use port mapping to learn which operating system and version is running on a computer.
Stateful matching
A technique of matching network traffic with rules or signatures based on the appearance of the traffic and its relationship to other packets.
Which of the following is known as stateful matching?
A technique of matching network traffic with rules or signatures based on the appearance of the traffic and its relationship to other packets; it looks for sequences appearing across several packets in a traffic stream.
Penetration testing
A testing method that tries to exploit a weakness in the system to prove that an attacker could successfully penetrate it.
Zone transfer
A unique query of a DNS server that asks it for the contents of its zone.
Covert act
An act carried out in secrecy.
Overt act
An act carried out in the open.
________ gives you the opportunity to review your risk-management program and to confirm that the program has correctly identified and reduced (or otherwise addressed) the risks to your organization.
An audit
Anomaly-based IDS
An intrusion detection system that compares current activity with stored profiles of normal (expected) activity.
Pattern-(Signature-) based IDS
An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders.
Real time monitoring
Analysis of activity as it is happening.
Mitigation activities
Any activities designed to reduce the severity of a vulnerability or remove it altogether.
(T/F) The audit itself sets new policies.
False
False negative
Incorrectly identifying abnormal activity as normal.
Which of the following is the definition of false negative?
Incorrectly identifying abnormal activity as normal.
False positive
Incorrectly identifying normal activity as abnormal.
_________ was developed for organizations such as insurance and medical claims processors, telecommunication service providers, managed services providers, and credit card transaction processing companies.
SAS 70
Which of the following is the definition of white-box testing?
Security testing that is based on knowledge of the application’s design and source code.
White box testing
Security testing that is based on knowledge of the application's design and source code.
Gray box testing
Security testing that is based on limited knowledge of an application's design.
Security Information and Event Management (SIEM) system
Software and devices that assist in collecting, storing, and analyzing the contents of log files.
Reconnaissance
The process of gathering information.
Hardened configuration
The state of a computer or device in which you have turned off or disabled unnecessary services and protected the ones that are still running.
Which of the following is the definition of hardened configuration?
The state of a computer or device in which you have turned off or disabled unnecessary services and protected the ones that are still running.
(T/F) An SOC 1 report is commonly implemented for organizations that must comply with Sarbanes-Oxley (SOX) or the Gramm-Leach-Bliley Act (GLBA).
True
Which of the following defines network mapping?
Using tools to determine the layout and services running on an organization’s systems and networks.
Network mapping
Using tools to determine the layout and services running on an organization's systems and networks.
Security audits help ensure that your rules and __________ are up to date, documented, and subject to change control procedures.
configurations
As your organization evolves and as threats mature, it is important to make sure your __________ still meet(s) the risks you face today.
controls
(T/F) An SOC 1 report primarily focuses on internal controls over security.
False
It's essential to match your organization's required __________ with its security structure.
permission level
________ provides information on what is happening as it happens.
real time monitoring
Audits also often look at the current configuration of a system as a snapshot in time to verify that it complies with ________.
standards
The primary difference between SOC 2 and SOC 3 reports is ________.
their audience
(T/F) A benchmark is the standard by which a system is compared to determine whether it is securely configured. One technique in an audit is to compare the current setting of a computer or device with a benchmark to help identify differences.
True
(T/F) Auditors often do a substantial amount of work preparing for an audit.
True
(T/F) Many jurisdictions require audits by law.
True
SAS70 was officially retired in June 2011 and was superseded and enhanced by the Statement of Standards for Attestation Engagements Number 16 (SSAE 16), which is now the predominant auditing and reporting standard for service organizations.
True
(T/F) SOC 3 reports are intended for public consumption.
True
Tests should be as "real" as possible and therefore should be run against production networks and systems to the degree possible without impairing system operations.
True
Clipping level
A value used in security monitoring that tells controls to ignore activity that falls below a stated value.
If knowing about an audit changes user behavior, an audit will ____________.
not be accurate
(T/F) Network mapping is a technique of matching network traffic with rules or signatures based on the appearance of the traffic and its relationship to other packets.
False