Chapter 67
What is meant by standard?
A. A mandated requirement for a hardware or software solution that is used to deal with a security risk throughout the organization.
B. A benchmark used to make sure that a system provides a minimum level of security across multiple applications and across different products.
C. The formal acceptance by the authorizing official of the risk of implementing the system.
D. Recorded information from system events that describes security-related activity.
Answer: A mandated requirement for a hardware or software solution that is used to deal with a security risk throughout the organization.
________ gives you the opportunity to review your risk-management program and to confirm that the program has correctly identified and reduced (or otherwise addressed) the risks to your organization.
A. Penetration testing
B. Real-time monitoring
C. An audit
D. Vulnerability testing
Answer: An audit
Which of the following is the definition of anomaly-based IDS?
A. An intrusion detection system that compares current activity with stored profiles of normal (expected) activity.
B. The state of a computer or device in which you have turned off or disabled unnecessary services and protected the ones that are still running.
C. An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders.
D. Using tools to determine the layout and services running on an organization's systems and networks.
Answer: An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders.
___________ are the benchmarks that help make sure a minimum level of security exists across multiple applications of systems and across different products.
A. Assets
B. Functional policies
C. Policies
D. Baselines
Answer: Baselines
_________ ensures that any changes to a production system are tested, documented, and approved.
A. Change control
B. Configuration control
C. Classification
D. Compliance
Answer: Change control
What is meant by gray-box testing?
A. Any activities designed to reduce the severity of a vulnerability or remove it altogether.
B. Security testing that is based on limited knowledge of an application's design.
C. A technique of matching network traffic with rules or signatures based on the appearance of the traffic and its relationship to other packets.
D. Analysis of activity as it is happening.
Answer: Security testing that is based on limited knowledge of an application's design.
The ___________ framework defines the scope and contents of three levels of audit reports.
A. Service Organization Control (SOC)
B. permission-level
C. real-time monitoring
D. zone transfer
Answer: Service Organization Control (SOC)
Which of the following is the definition of system owner?
A. A benchmark used to make sure that a system provides a minimum level of security across multiple applications and across different products.
B. The individual or team responsible for performing the security test and evaluation for the system, and for preparing the report for the AO on the risk of operating the system.
C. The person responsible for the daily operation of a system and for ensuring that the system continues to operate in compliance with the conditions set out by the AO.
D. Fixing something that is broken or defective, such as by addressing or removing vulnerabilities.
Answer: The person responsible for the daily operation of a system and for ensuring that the system continues to operate in compliance with the conditions set out by the AO.
Which of the following defines network mapping?
A. The standard by which your computer or device is compared to determine if it's securely configured.
B. A method of security testing that isn't based directly on knowledge of a program's architecture.
C. Using tools to determine the layout and services running on an organization's systems and networks.
D. A process of finding the weaknesses in a system and determining which places may be attack points.
Answer: Using tools to determine the layout and services running on an organization's systems and networks.
A security awareness program includes ________.
A. teaching employees about security objectives
B. motivating users to comply with security policies
C. informing users about trends and threats in society
D. all of the above
Answer: all of the above
Security audits help ensure that your rules and __________ are up to date, documented, and subject to change control procedures.
A. applications
B. mitigation activities
C. configurations
D. recommendations
Answer: configurations
As your organization evolves and as threats mature, it is important to make sure your __________ still meet(s) the risks you face today.
A. configuration
B. controls
C. monitoring
D. settings
Answer: controls
For all the technical solutions you can devise to secure your systems, the __________ remains your greatest challenge.
A. administration
B. human element
C. certifier
D. regulations
Answer: human element
If knowing about an audit changes user behavior, an audit will ____________.
A. not be accurate
B. be more accurate
C. skew results
D. not be required
Answer: not be accurate
It's essential to match your organization's required __________ with its security structure.
A. monitoring
B. permission level
C. operating system
D. recommendations
Answer: permission level
Enacting changes in response to reported problems is called ________.
A. reactive change management
B. job rotation
C. change control
D. compliance liaison
Answer: reactive change management
From the perspective of a _________ professional, configuration management evaluates the impact a modification might have on security.
A. administration
B. security
C. management
D. IT
Answer: security
SOC 2 and SOC 3 reports both address primarily ________-related controls.
A. security
B. financial reporting
C. management
D. communication
Answer: security
When an information security breach occurs in your organization, a __________ helps determine what happened to the system and when.
A. baseline
B. security event log
C. functional policy
D. security policy
Answer: security event log
Audits also often look at the current configuration of a system as a snapshot in time to verify that it complies with ________.
A. controls
B. management
C. standards
D. plan
Answer: standards
The primary difference between SOC 2 and SOC 3 reports is ________.
A. their length
B. the number of auditors involved
C. their focus
D. their audience
Answer: their audience
Because personnel are so important to solid security, one of the best security controls you can develop is a strong security ___________ and awareness program.
A. documentation
B. environment
C. guidelines
D. training
Answer: training