Chapter 7 (Test 2)


A SOC 1 report primarily focuses on internal controls over security. True or False?

False

Although SAS 70 was general in its scope, the standard did address many of the emerging issues encountered in today's service organizations. True or False?

False

Network mapping is a technique of matching network traffic with rules or signatures based on appearance of the traffic and its relationship to other packets. True or False?

False

The audit itself sets new policies. True or False?

False

A SOC 1 report is commonly implemented for organizations that must comply with Sarbanes-Oxley (SOX) or the Gramm-Leach-Bliley Act (GLBA). True or False?

True

A benchmark is the standard by which a system is compared to determine whether it is securely configured. One technique in an audit is to compare the current setting of a computer or device with a benchmark to help identify differences. True or False?

True

Auditors often do a substantial amount of work preparing for an audit. True or False?

True

SAS 70 was officially retired in June 2011 and was superseded and enhanced by the Statement of Standards for Attestation Engagements Number 16 (SSAE 16), which is now the predominant auditing and reporting standard for service organizations. True or False?

True

SOC 3 reports are intended for public consumption. True or False?

True

Which of the following is the definition of anomaly-based IDS? a. An intrusion detection system that compares current activity with stored profiles of normal (expected) activity b. The state of a computer or device in which you have turned off or disabled unnecessary services and protected the ones that are still running c. An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders d. Using tools to determine the layout and services running on an organization's systems and networks

a. An intrusion detection system that compares current activity with stored profiles of normal (expected) activity

A method of security testing that isn't based directly on knowledge of a program's architecture is the definition of ______________. a. Anomaly-based IDS b. Gray-box testing c. Black-box testing d. Security Information and Event Management (SIEM) system

c. Black-box testing

Security audits help ensure that your rules and ___________ are up-to-date, documented, and subject to change control procedures. a. Applications b. Mitigation activities c. Configurations d. Recommendations

c. Configurations

Which of the following is the definition of white-box testing? a. An act carried out in secrecy b. Software and devices that assist in collecting, storing, and analyzing the contents of log files c. Security testing that isn't based on knowledge of the application's design and source code d. Analysis of activity as it is happening

c. Security testing that isn't based on knowledge of the application's design and source code

Which of the following is the definition of hardened configuration? a. Using tools to determine the layout and services running on an organization's systems and networks b. A method of security testing that isn't based directly on knowledge of a program's architecture c. The state of a computer or device in which you have turned off or disabled unnecessary services and protected the ones that are still running d. Incorrectly identifying abnormal activity as normal

c. The state of a computer or device in which you have turned off or disabled unnecessary services and protected the ones that are still running

Audits are necessary because of ____________. a. Mandatory regulatory compliance b. Potential liability c. Negligence d. All of the above

d. All of the above

Which of the following is the definition of false negative? a. Analysis of activity as it is happening b. The process of gathering the wrong information c. A method of security testing that isn't based directly on knowledge of a program's architecture d. Incorrectly identifying abnormal activity as normal

d. Incorrectly identifying abnormal activity as normal

If knowing about an audit manager changes user behavior, an audit will ______________. a. Not be accurate b. Not be required c. Skew results d. Be more accurate

a. Not be accurate

The __________ framework defines the scope and contents of three levels of audit reports. a. Permission-level b. Zone transfer c. Real-time monitoring d. Service organization control (SOC)

d. Service organization control (SOC)

The following are all methods of collecting data: questionnaires, interviews, observation, and checklists. True or False?

True

Which of the following is the definition of pattern-based IDS? a. An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders b. A technique of matching network traffic with rules or signatures based on the appearance of the traffic and its relationship to other packets c. Software and devices that assist in collecting, storing, and analyzing the contents of log files d. The state of a computer or device in which you have turned off or disabled unnecessary services and protected the ones that are still running

a. An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders

Which of the following is known as stateful matching? a. Security testing that is based on limited knowledge of an application's design b. A technique of matching network traffic with rules or signatures based on the appearance of the traffic and its relationship to other packets c. Using tools to determine the layout and services running on an organization's systems and networks d. A method of security testing that isn't based directly on knowledge of a program's architecture

b. A technique of matching network traffic with rules or signatures based on the appearance of the traffic and its relationship to other packets

What term is used to describe a reconnaissance technique that enables an attacker to use port mapping to learn which operating system and version are running on a computer? a. False negative b. Operating system fingerprinting c. Security Information and Event Management (SIEM) system d. Network mapping

b. Operating system fingerprinting

One of the best ways to avoid wasting your organization's resources is to ensure that you follow the __________ review cycle. a. Audit b. Security c. Benchmark d. Monitoring

b. Security

Which of the following defines network mapping? a. A process of finding weaknesses in a system and determining which places may be attack points b. Using tools to determine the layout and services running on an organization's systems and networks c. The standard by which your computer or device is compared to determine if it's securely configured d. A method of security testing that isn't based directly on knowledge of a program's architecture

b. Using tools to determine the layout and services running on an organization's systems and networks

As your organization evolves and as threats mature, it is important to make sure your ____________ still meet(s) the risks you face today. a. Configuration b. Monitoring c. Controls d. Settings

c. Controls

_____________ provides information on what is happening as it happens. a. Security b. Vulnerability testing c. Real-time monitoring d. Pattern-based (or signature-based) IDS

c. Real-time monitoring

SOC 2 and SOC 3 reports both address primarily __________ -related controls. a. Communication b. Financial reporting c. Security d. Management

c. Security

It is essential to match your organization's required __________________ with its security structure. a. Operating system b. Recommendations c. Monitoring d. Permission level

d. Permission level

What is meant by gray-box testing? a. A technique of matching network traffic with rules or signatures based on the appearance of the traffic and its relationship to other packets b. Analysis of activity as it is happening c. Any activities designed to reduce the severity of a vulnerability or remove it altogether d. Security testing that is based on limited knowledge of an application's design

d. Security testing that is based on limited knowledge of an application's design

What is a Security Information and Event Management (SIEM) system? a. An intrusion detection system that uses pattern matching and stateful matching to compare current traffic with activity patterns (signatures) of known network intruders b. An intrusion detection system that compares current activity with stored profiles of normal (expected) activity c. Security testing that is based on knowledge of the application's design and source code d. Software and devices that assist in collecting, storing, and analyzing the contents of log files

d. Software and devices that assist in collecting, storing, and analyzing the contents of log files

The primary difference between SOC 2 and SOC 3 reports is ______________. a. Their focus b. Their length c. The number of auditors involved d. Their audience

d. Their audience

