Security CHP 7

Ace your homework & exams now with Quizwiz!

Which regulatory standard would NOT require audits of companies in the United States?

Personal Information Protection and Electronic Documents Act (PIPEDA)

Fran is conducting a security test of a new application. She does not have any access to the source code or other details of the application she is testing. What type of test is Fran conducting?

Black-box test

What information should an auditor share with the client during an exit interview?

Details on major issues

Curtis is conducting an audit of an identity management system. Which question is NOT likely to be in the scope of his audit?

Does the firewall properly block unsolicited network connection attempts?

Anthony is responsible for tuning his organization's intrusion detection system. He notices that the system reports an intrusion alert each time that an administrator connects to a server using Secure Shell (SSH). What type of error is occurring?

False positive error

When should an organization's managers have an opportunity to respond to the findings in an audit?

Managers should include their responses to the draft audit report in the final audit report.

Which security testing activity uses tools that scan for services running on systems?

Network mapping

Which item is an auditor least likely to review during a system controls audit?

Resumes of system administrators

Isaac is responsible for performing log reviews for his organization in an attempt to identify security issues. He has a massive amount of data to review. What type of tool would best assist him with this work?

Security information and event management (SIEM)

What is NOT generally a section in an audit report?

System configurations

What type of security monitoring tool would be most likely to identify an unauthorized change to a computer system?

System integrity monitoring

Emily is the information security director for a large company that handles sensitive personal information. She is hiring an auditor to conduct an assessment demonstrating that her firm is satisfying requirements regarding customer private data. What type of assessment should she request?

SOC 3

Gina is preparing to monitor network activity using packet sniffing. Which technology is most likely to interfere with this effort if used on the network?

Secure Sockets Layer (SSL)

Ricky is reviewing security logs to independently assess security controls. Which security review process is Ricky engaging in?

Audit

Which audit data collection method helps ensure that the information-gathering process covers all relevant areas?

Checklist

What is a set of concepts and policies for managing IT infrastructure, development, and operations?

IT Infrastructure Library (ITIL)

Jacob is conducting an audit of the security controls at an organization as an independent reviewer. Which question would NOT be part of his audit?

Is the security control likely to become obsolete in the near future?

Which activity is an auditor least likely to conduct during the information-gathering phase of an audit?

Report writing

Christopher is designing a security policy for his organization. He would like to use an approach that allows a reasonable list of activities but does not allow other activities. Which permission level is he planning to use?

Prudent

Which intrusion detection system strategy relies upon pattern matching?

Signature detection


Related study sets

Week 5 Quiz: The Constitution & Federalism

View Set

Chapter 27: Disorders of Cardiac Function, Heart Failure, and Circulatory Shock

View Set