Chapter 7
Which of the following is the definition of Anomaly-based IDS?
An intrusion detection system that compares current activity with stored profiles of normal (expected) activity.
Compare current activity with stored profiles of normal (expected) activity.
Anomaly-Based IDS's
Standard by which your system is compared to determine whether it is securely configured.
Benchmark
After audit activities are completed, the auditors have no further work to do. T/F
False
Which of the following is the definition of false negative?
Incorrectly identifying abnormal activity as normal.
_________ was developed for organizations such as insurance and medical claims processors, telecommunication service providers, managed services providers, and credit card transaction processing companies.
SAS 70
Provides a common platform to capture and analyze entries.
Security Information and Event Management (SIEM) system
What is meant by gray-box testing?
Security testing that is based on limited knowledge of an application's design.
A benchmark is the standard by which a system is compared to determine whether it is securely configured. One technique in an audit is to compare the current setting of a computer or device with a benchmark to help identify differences. T/F
True
An auditing benchmark is the standard by which a system is compared to determine whether it is securely configured. T/F
True
Which of the following defines network mapping?
Using tools to determine the layout and services running on an organization's systems and networks.
Audits are necessary because of ________.
All of the above: potential liabilities, negligence, mandatory regulatory compliance.
As your organization evolves and as threats mature, it is important to make sure your __________ still meet(s) the risks you face today.
controls