ISC2 Practice Exam Questions And Answers
With Complete Solutions 100% Correct |
2024.
Replaced SAS 70 in 2011
SSAE 16 - Statement on Standards for Attestation Engagements (SSAE) No. 16
created SAS 70, a standard used until 2011
AICPA - american institute of certified public accountants
Sarbanes-Oxley Act of 2002
instigated the move from SAS 70
SOC reports
Service Organization Control Reports
SSAE 16
the standard used for a SOC 1 report
Readers of SOC 1 reports
could include financial executives at a user organization, compliance officers, and financial auditors of
the service organization.
TSC
AICPA's Trust Services Criteria
tests the controls for effectiveness
A SOC 2 Type 2 audit
the result of the auditor ensuring the controls are in place and well-designed
SOC 2 Type 1
A Soc 3
Same information as a Soc 2 report. Intended for a general audience.
Merchants with over 6 million transactions a year, across all channels or any merchant that has had a
data breach are in this category
PCI DSS level 1
US PII law regarding the government itself
, Privacy Act
US PII law regarding medical providers
HIPAA
US PII law regarding financial and insurance vendors
GLBA
for distributing data with less chance of quality loss
CDN
arranges data as objects in a structured hierarchy
Object storage
should make a data set more secure and decrease the chance of unauthorized access
Bit-splitting
Volume-storage encryption
any outsider (that is, a person who does not have access to the volume OS) will be able to steal only
encrypted data
suggested as possible masking techniques
random substitution, algorithmic substitution, deletion
the trait that allows DRM protection to follow protected files wherever they might be stored/copied
Persistence
"Processing," in a PII context
any manipulation of the data, to include securing or destroying it, in electronic or hard-copy form
involves encrypting the data before it enters the fields of the database; it is much more difficult to
search and review data that has been encrypted, making stuff like search, indexing more difficult
Application-level encryption
It is not included in the CSA CCM.
The DMCA deals with intellectual property and not specifically with personal privacy.
the practice of having sufficient data to replace a lost chunk in data dispersion, protecting against the
possibility of a device failing while it holds a given chunk; parity bits serve the same purpose in the
legacy RAID configuration
Erasure coding
also referred to as egress monitoring
With Complete Solutions 100% Correct |
2024.
Replaced SAS 70 in 2011
SSAE 16 - Statement on Standards for Attestation Engagements (SSAE) No. 16
created SAS 70, a standard used until 2011
AICPA - american institute of certified public accountants
Sarbanes-Oxley Act of 2002
instigated the move from SAS 70
SOC reports
Service Organization Control Reports
SSAE 16
the standard used for a SOC 1 report
Readers of SOC 1 reports
could include financial executives at a user organization, compliance officers, and financial auditors of
the service organization.
TSC
AICPA's Trust Services Criteria
tests the controls for effectiveness
A SOC 2 Type 2 audit
the result of the auditor ensuring the controls are in place and well-designed
SOC 2 Type 1
A Soc 3
Same information as a Soc 2 report. Intended for a general audience.
Merchants with over 6 million transactions a year, across all channels or any merchant that has had a
data breach are in this category
PCI DSS level 1
US PII law regarding the government itself
, Privacy Act
US PII law regarding medical providers
HIPAA
US PII law regarding financial and insurance vendors
GLBA
for distributing data with less chance of quality loss
CDN
arranges data as objects in a structured hierarchy
Object storage
should make a data set more secure and decrease the chance of unauthorized access
Bit-splitting
Volume-storage encryption
any outsider (that is, a person who does not have access to the volume OS) will be able to steal only
encrypted data
suggested as possible masking techniques
random substitution, algorithmic substitution, deletion
the trait that allows DRM protection to follow protected files wherever they might be stored/copied
Persistence
"Processing," in a PII context
any manipulation of the data, to include securing or destroying it, in electronic or hard-copy form
involves encrypting the data before it enters the fields of the database; it is much more difficult to
search and review data that has been encrypted, making stuff like search, indexing more difficult
Application-level encryption
It is not included in the CSA CCM.
The DMCA deals with intellectual property and not specifically with personal privacy.
the practice of having sufficient data to replace a lost chunk in data dispersion, protecting against the
possibility of a device failing while it holds a given chunk; parity bits serve the same purpose in the
legacy RAID configuration
Erasure coding
also referred to as egress monitoring
