Shi-No-Bu - NS - Chapter 7
What is the definition of "anomaly-based IDS"?
An intrusion detection system that compares current activity with expected "normal" activity.
What is the definition of a pattern-based IDS?
An intrusion detection system that uses pattern matching and stateful matching to compare current network activity with activity patterns/signatures of known attackers.
Which of the following is the definition of false negative?
Incorrectly identifying abnormal activity as normal
________ was developed for organizations such as insurance and medical claims processors, telecommunication service providers, managed service providers, and credit card transaction processing companies.
SAS 70
What is the definition of gray-box testing?
Security testing that is based on having limited information of an app's design.
What is a security information and event management (SIEM) system?
Software devices that assist in collecting, storing, and analyzing the contents of log files.
What is the definition of a "hardened" configuration?
The state for your system in which you have disabled or turned off unnecessary services and processes and protected the ones that are left running.
What is the definition of network mapping?
Using tools to determine the layout and services running on an organization's system and networks.
What is white-box testing?
White box testing is security testing based on having full knowledge of the source code of the app.
_________ gives you the opportunity to review your risk-management program and to confirm the program has correctly identified and reduced/addressed risks to your organization.
An audit.
A method of security testing that isn't based directly on knowledge of a program's architecture is called _____.
black-box testing
Security audits help ensure your rules and __________ are up to date, documented, and subject to change control procedures.
configurations
As your organization grows and evolves and as threats mature, it is important to make sure your ________ still meet the risk(s) you face today.
controls
What term is used to describe a reconnaissance technique that enables an attacker to use port mapping to learn the identity of a system's operating system and version?
operating system fingerprinting
Audits are necessary because of _______.
potential liability, negligence, and mandatory regulatory compliance (all of the above).
________ provides information on what is happening as it happens.
real-time monitoring
SOC 2 and SOC 3 primarily address _______-related controls.
security
An SOC 1 report is commonly implemented for organizations that must comply with SOX (Sarbanes-Oxley) or GLBA (Gramm-Leach-Bliley Act). (T/F)
true
Many jurisdictions require audits by law. (T/F)
true
The term "clipping level" refers to a value used in security monitoring that tells controls to ignore activity that falls under a stated value. (T/F)
true