Midterm 2 Ch's 5 and 7


Alan is evaluating different biometric systems and is concerned that users might not want to subject themselves to retinal scans due to privacy concerns. Which characteristic of a biometric system is he considering?

Acceptability

Ricky is reviewing security logs to independently assess security controls. Which security review process is Ricky engaging in?

Audit

Which audit data collection method helps ensure that the information-gathering process covers all relevant areas?

Checklist

An SOC 1 report primarily focuses on security.

False

Which one of the following is an example of a logical access control?

Password

After audit activities are completed, auditors perform data analysis.

True

An SOC 1 report is commonly implemented for organizations that must comply with Sarbanes-Oxley (SOX) or the Gramm-Leach-Bliley Act (GLBA).

True

Single sign-on (SSO) can provide for stronger passwords because with only one password to remember, users are generally willing to use stronger passwords.

True

Which one of the following is NOT a commonly accepted best practice for password security?

Use at least six alphanumeric characters.

Regarding security controls, the four most common permission levels are poor, permissive, prudent, and paranoid.

False

What is an XML-based open standard for exchanging authentication and authorization information and is commonly used for web applications?

Security Assertion Markup Language (SAML)

Data loss prevention (DLP) uses business rules to classify sensitive information to prevent unauthorized end users from sharing it.

True

During an audit, an auditor compares the current setting of a computer or device with a benchmark to help identify differences.

True

The ___________ is the central part of a computing environment's hardware, software, and firmware that enforces access control.

security kernel

During which phase of the access control process does the system answer the question, "What can the requestor access?"

Authorization

Fran is conducting a security test of a new application. She does not have any access to the source code or other details of the application she is testing. What type of test is Fran conducting?

Black-box test

Fingerprints, palm prints, and retina scans are types of biometrics.

True

DIAMETER is a research and development project funded by the European Commission.

False

An auditing benchmark is the standard by which a system is compared to determine whether it is securely configured.

True

An example of a threat to access control is in a peer-to-peer (P2P) arrangement in which users share their My Documents folder with each other by accident.

True

Common methods used to identify a user to a system include username, smart card, and biometrics.

True

User-based permission levels limit a person to executing certain functions and often enforce mutual exclusivity.

False

Curtis is conducting an audit of an identity management system. Which question is NOT likely to be in the scope of his audit?

Does the firewall properly block unsolicited network connection attempts?

Regarding log monitoring, false negatives are alerts that seem malicious but are not real security events.

False

The four main types of logs that you need to keep to support security auditing include event, access, user, and security.

False

The number of failed logon attempts that trigger an account action is called an audit logon event.

False

Which of the following is an example of a hardware security control?

MAC filtering

When should an organization's managers have an opportunity to respond to the findings in an audit?

Managers should include their responses to the draft audit report in the final audit report.

Which one of the following is NOT an advantage of biometric systems?

Physical characteristics may change.

Isaac is responsible for performing log reviews for his organization in an attempt to identify security issues. He has a massive amount of data to review. What type of tool would best assist him with this work?

Security information and event management (SIEM)
