Chapter 7 (Test 2)
A SOC 1 report primarily focuses on internal controls over security. True or False?
False
Although SAS 70 was general in its scope, the standard did address many of the emerging issues encountered in today's service organizations. True or False?
False
Network mapping is a technique of matching network traffic with rules or signatures based on appearance of the traffic and its relationship to other packets. True or False?
False
The audit itself sets new policies. True or false?
False
A SOC 1 report is commonly implemented for organizations that must comply with Sarbanes-Oxley (SOX) or the Gramm-Leach-Bliley Act (GLBA). True or False?
True
A benchmark is the standard by which a system is compared to determine whether it is securely configured. One technique in an audit is to compare the current setting of a computer or device with a benchmark to help identify differences. True or False?
True
Auditors often do a substantial amount of work preparing for an audit. True or False?
True
SAS 70 was officially retired in June 2011 and was superseded and enhanced by the Statement on Standards for Attestation Engagements Number 16 (SSAE 16), which is now the predominant auditing and reporting standard for service organizations. True or False?
True
SOC 3 reports are intended for public consumption. True or False?
True
Which of the following is the definition of anomaly-based IDS? a. An intrusion detection system that compares current activity with stored profiles of normal (expected) activity b. The state of a computer or device in which you have turned off or disabled unnecessary services and protected the ones that are still running c. An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders d. Using tools to determine the layout and services running on an organization's systems and networks
a. An intrusion detection system that compares current activity with stored profiles of normal (expected) activity
A method of security testing that isn't based directly on knowledge of a program's architecture is the definition of ______________. a. Anomaly-based IDS b. Gray-box testing c. Black-box testing d. Security Information and Event Management (SIEM) system
c. Black-box testing
Security audits help ensure that your rules and ___________ are up-to-date, documented, and subject to change control procedures. a. Applications b. Mitigation activities c. Configurations d. Recommendations
c. Configurations
Which of the following is the definition of white-box testing? a. An act carried out in secrecy b. Software and devices that assist in collecting, storing, and analyzing the contents of log files c. Security testing that isn't based on knowledge of the application's design and source code d. Analysis of activity as it is happening
c. Security testing that isn't based on knowledge of the application's design and source code
Which of the following is the definition of hardened configuration? a. Using tools to determine the layout and services running on an organization's systems and networks b. A method of security testing that isn't based directly on knowledge of a program's architecture c. The state of a computer or device in which you have turned off or disabled unnecessary services and protected the ones that are still running d. Incorrectly identifying abnormal activity as normal
c. The state of a computer or device in which you have turned off or disabled unnecessary services and protected the ones that are still running
Audits are necessary because of ____________. a. Mandatory regulatory compliance b. Potential liability c. Negligence d. All of the above
d. All of the above
Which of the following is the definition of false negative? a. Analysis of activity as it is happening b. The process of gathering the wrong information c. A method of security testing that isn't based directly on knowledge of a program's architecture d. Incorrectly identifying abnormal activity as normal
d. Incorrectly identifying abnormal activity as normal
If knowing about an audit manager changes user behavior, an audit will ______________. a. Not be accurate b. Not be required c. Skew results d. Be more accurate
a. Not be accurate
The __________ framework defines the scope and contents of three levels of audit reports. a. Permission-level b. Zone transfer c. Real-time monitoring d. Service organization control (SOC)
d. Service organization control (SOC)
The following are all methods of collecting data: questionnaires, interviews, observation, and checklists. True or False?
True
Which of the following is the definition of pattern-based IDS? a. An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders b. A technique of matching network traffic with rules or signatures based on the appearance of the traffic and its relationship to other packets c. Software and devices that assist in collecting, storing, and analyzing the contents of log files d. The state of a computer or device in which you have turned off or disabled unnecessary services and protected the ones that are still running
a. An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders
Which of the following is known as stateful matching? a. Security testing that is based on limited knowledge of an application's design b. A technique of matching network traffic with rules or signatures based on the appearance of the traffic and its relationship to other packets c. Using tools to determine the layout and services running on an organization's systems and networks d. A method of security testing that isn't based directly on knowledge of a program's architecture
b. A technique of matching network traffic with rules or signatures based on the appearance of the traffic and its relationship to other packets
What term is used to describe a reconnaissance technique that enables an attacker to use port mapping to learn which operating system and version are running on a computer? a. False negative b. Operating system fingerprinting c. Security Information and Event Management (SIEM) system d. Network mapping
b. Operating system fingerprinting
One of the best ways to avoid wasting your organization's resources is to ensure that you follow the __________ review cycle. a. Audit b. Security c. Benchmark d. Monitoring
b. Security
Which of the following defines network mapping? a. A process of finding weaknesses in a system and determining which places may be attack points b. Using tools to determine the layout and services running on an organization's systems and networks c. The standard by which your computer or device is compared to determine if it's securely configured d. A method of security testing that isn't based directly on knowledge of a program's architecture
b. Using tools to determine the layout and services running on an organization's systems and networks
As your organization evolves and as threats mature, it is important to make sure your ____________ still meet(s) the risks you face today. a. Configuration b. Monitoring c. Controls d. Settings
c. Controls
_____________ provides information on what is happening as it happens. a. Security b. Vulnerability testing c. Real-time monitoring d. Pattern-based (or signature-based) IDS
c. Real-time monitoring
SOC 2 and SOC 3 reports both address primarily __________ -related controls. a. Communication b. Financial reporting c. Security d. Management
c. Security
It is essential to match your organization's required __________________ with its security structure. a. Operating system b. Recommendations c. Monitoring d. Permission level
d. Permission level
What is meant by gray-box testing? a. A technique of matching network traffic with rules or signatures based on the appearance of the traffic and its relationship to other packets b. Analysis of activity as it is happening c. Any activities designed to reduce the severity of a vulnerability or remove it altogether d. Security testing that is based on limited knowledge of an application's design
d. Security testing that is based on limited knowledge of an application's design
What is a Security Information and Event Management (SIEM) system? a. An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders b. An intrusion detection system that compares current activity with stored profiles of normal (expected) activity c. Security testing that is based on knowledge of the application's design and source code d. Software and devices that assist in collecting, storing, and analyzing the contents of log files
d. Software and devices that assist in collecting, storing, and analyzing the contents of log files
The primary difference between SOC 2 and SOC 3 reports is ______________. a. Their focus b. Their length c. The number of auditors involved d. Their audience
d. Their audience