ITSY 1300 REVIEW QUESTIONS & ANSWERS
true - Answer -In security testing data collection, observation is the input used to
differentiate between paper procedures and the way the job is really done.
soc 3 - Answer -Emily is the information security director for a large company that
handles sensitive personal information. She is hiring an auditor to conduct an
assessment demonstrating that her firm is satisfying requirements regarding customer
private data. What type of assessment should she request?
false - Answer -The four main types of logs that you need to keep to support security
auditing include event, access, user, and security.
report writing - Answer -Which activity is an auditor least likely to conduct during the
information-gathering phase of an audit?
true - Answer -An auditing benchmark is the standard by which a system is compared
to determine whether it is securely configured.
Details on major issues - Answer -What information should an auditor share with the
client during an exit interview?
IT Infrastructure Library - Answer -What is a set of concepts and policies for managing
IT infrastructure, development, and operations?
false - Answer -Committee of Sponsoring Organizations (COSO) is a set of best
practices for IT management.
adult - Answer -Ricky is reviewing security logs to independently assess security
controls. Which security review process is Ricky engaging in?
Signature detection - Answer -Which intrusion detection system strategy relies upon
pattern matching?
false - Answer -An SOC 1 report primarily focuses on security.
Secure Sockets Layer (SSL - Answer -Gina is preparing to monitor network activity
using packet sniffing. Which technology is most likely to interfere with this effort if used
on the network?
false - Answer -Regarding log monitoring, false negatives are alerts that seem
malicious but are not real security events.
true - Answer -In security testing, reconnaissance involves reviewing a system to learn
as much as possible about the organization, its systems, and its networks.
,false - Answer -A report indicating that a system's disk is 80 percent full is a good
indication that something is wrong with that system.
true - Answer -Data loss prevention (DLP) uses business rules to classify sensitive
information to prevent unauthorized end users from sharing it.
true - Answer -Anomaly-based intrusion detection systems compare current activity
with stored profiles of normal (expected) activity.
prudent - Answer -Christopher is designing a security policy for his organization. He
would like to use an approach that allows a reasonable list of activities but does not
allow other activities. Which permission level is he planning to use?
False positive error - Answer -Anthony is responsible for tuning his organization's
intrusion detection system. He notices that the system reports an intrusion alert each
time that an administrator connects to a server using Secure Shell (SSH). What type of
error is occurring?
true - Answer -An SOC 1 report is commonly implemented for organizations that must
comply with Sarbanes-Oxley (SOX) or the Gramm-Leach-Bliley Act (GLBA).
System Configuration - Answer -What is NOT generally a section in an audit report?
Checklist - Answer -Which audit data collection method helps ensure that the
information-gathering process covers all relevant areas?
true - Answer -SOC 2 reports are created for internal and other authorized stakeholders
and are commonly implemented for service providers, hosted data centers, and
managed cloud computing providers.
false - Answer -Regarding security controls, the four most common permission levels
are poor, permissive, prudent, and paranoid.
Resumes of system administrators - Answer -Which item is an auditor least likely to
review during a system controls audit?
true - Answer -Regarding an intrusion detection system (IDS), stateful matching looks
for specific sequences appearing across several packets in a traffic stream rather than
justin individual packets.
true - Answer -After audit activities are completed, auditors perform data analysis.
true - Answer -During the planning and execution phases of an audit, an auditor will
most likely review risk analysis output.
, System integrity monitoring - Answer -What type of security monitoring tool would be
most likely to identify an unauthorized change to a computer system?
true - Answer -Performing security testing includes vulnerability testing and penetration
testing.
network mapping - Answer -Which security testing activity uses tools that scan for
services running on systems?
Managers should include their responses to the draft audit report in the final audit
report. - Answer -When should an organization's managers have an opportunity to
respond to the findings in an audit?
false - Answer -During the secure phase of a security review, you review and measure
all controls to capture actions and changes on the system.
Security information and event management (SIEM) - Answer -Isaac is responsible for
performing log reviews for his organization in an attempt to identify security issues. He
has a massive amount of data to review. What type of tool would best assist him with
this work?
true - Answer -Security information and event management (SIEM)
Is the security control effective in addressing the risk it was designed to address? -
Answer -Jacob is conducting an audit of the security controls at an organization as an
independent reviewer. Which question would NOT be part of his audit?
Does the firewall properly block unsolicited network connection attempts? - Answer -
Curtis is conducting an audit of an identity management system. Which question is NOT
likely to be in the scope of his audit?
black-box test - Answer -Fran is conducting a security test of a new application. She
does not have any access to the source code or other details of the application she is
testing. What type of test is Fran conducting?
Personal Information Protection and Electronic Documents Act (PIPEDA) - Answer -
Which regulatory standard would NOT require audits of companies in the United
States?
true - Answer -During an audit, an auditor compares the current setting of a computer
or device with a benchmark to help identify differences.
True - Answer -Many jurisdictions require audits by law.
Janet is identifying the set of privileges that should be assigned to a new employee in
her organization. Which phase of the access control process is she performing?
true - Answer -In security testing data collection, observation is the input used to
differentiate between paper procedures and the way the job is really done.
soc 3 - Answer -Emily is the information security director for a large company that
handles sensitive personal information. She is hiring an auditor to conduct an
assessment demonstrating that her firm is satisfying requirements regarding customer
private data. What type of assessment should she request?
false - Answer -The four main types of logs that you need to keep to support security
auditing include event, access, user, and security.
report writing - Answer -Which activity is an auditor least likely to conduct during the
information-gathering phase of an audit?
true - Answer -An auditing benchmark is the standard by which a system is compared
to determine whether it is securely configured.
Details on major issues - Answer -What information should an auditor share with the
client during an exit interview?
IT Infrastructure Library - Answer -What is a set of concepts and policies for managing
IT infrastructure, development, and operations?
false - Answer -Committee of Sponsoring Organizations (COSO) is a set of best
practices for IT management.
adult - Answer -Ricky is reviewing security logs to independently assess security
controls. Which security review process is Ricky engaging in?
Signature detection - Answer -Which intrusion detection system strategy relies upon
pattern matching?
false - Answer -An SOC 1 report primarily focuses on security.
Secure Sockets Layer (SSL - Answer -Gina is preparing to monitor network activity
using packet sniffing. Which technology is most likely to interfere with this effort if used
on the network?
false - Answer -Regarding log monitoring, false negatives are alerts that seem
malicious but are not real security events.
true - Answer -In security testing, reconnaissance involves reviewing a system to learn
as much as possible about the organization, its systems, and its networks.
,false - Answer -A report indicating that a system's disk is 80 percent full is a good
indication that something is wrong with that system.
true - Answer -Data loss prevention (DLP) uses business rules to classify sensitive
information to prevent unauthorized end users from sharing it.
true - Answer -Anomaly-based intrusion detection systems compare current activity
with stored profiles of normal (expected) activity.
prudent - Answer -Christopher is designing a security policy for his organization. He
would like to use an approach that allows a reasonable list of activities but does not
allow other activities. Which permission level is he planning to use?
False positive error - Answer -Anthony is responsible for tuning his organization's
intrusion detection system. He notices that the system reports an intrusion alert each
time that an administrator connects to a server using Secure Shell (SSH). What type of
error is occurring?
true - Answer -An SOC 1 report is commonly implemented for organizations that must
comply with Sarbanes-Oxley (SOX) or the Gramm-Leach-Bliley Act (GLBA).
System Configuration - Answer -What is NOT generally a section in an audit report?
Checklist - Answer -Which audit data collection method helps ensure that the
information-gathering process covers all relevant areas?
true - Answer -SOC 2 reports are created for internal and other authorized stakeholders
and are commonly implemented for service providers, hosted data centers, and
managed cloud computing providers.
false - Answer -Regarding security controls, the four most common permission levels
are poor, permissive, prudent, and paranoid.
Resumes of system administrators - Answer -Which item is an auditor least likely to
review during a system controls audit?
true - Answer -Regarding an intrusion detection system (IDS), stateful matching looks
for specific sequences appearing across several packets in a traffic stream rather than
justin individual packets.
true - Answer -After audit activities are completed, auditors perform data analysis.
true - Answer -During the planning and execution phases of an audit, an auditor will
most likely review risk analysis output.
, System integrity monitoring - Answer -What type of security monitoring tool would be
most likely to identify an unauthorized change to a computer system?
true - Answer -Performing security testing includes vulnerability testing and penetration
testing.
network mapping - Answer -Which security testing activity uses tools that scan for
services running on systems?
Managers should include their responses to the draft audit report in the final audit
report. - Answer -When should an organization's managers have an opportunity to
respond to the findings in an audit?
false - Answer -During the secure phase of a security review, you review and measure
all controls to capture actions and changes on the system.
Security information and event management (SIEM) - Answer -Isaac is responsible for
performing log reviews for his organization in an attempt to identify security issues. He
has a massive amount of data to review. What type of tool would best assist him with
this work?
true - Answer -Security information and event management (SIEM)
Is the security control effective in addressing the risk it was designed to address? -
Answer -Jacob is conducting an audit of the security controls at an organization as an
independent reviewer. Which question would NOT be part of his audit?
Does the firewall properly block unsolicited network connection attempts? - Answer -
Curtis is conducting an audit of an identity management system. Which question is NOT
likely to be in the scope of his audit?
black-box test - Answer -Fran is conducting a security test of a new application. She
does not have any access to the source code or other details of the application she is
testing. What type of test is Fran conducting?
Personal Information Protection and Electronic Documents Act (PIPEDA) - Answer -
Which regulatory standard would NOT require audits of companies in the United
States?
true - Answer -During an audit, an auditor compares the current setting of a computer
or device with a benchmark to help identify differences.
True - Answer -Many jurisdictions require audits by law.
Janet is identifying the set of privileges that should be assigned to a new employee in
her organization. Which phase of the access control process is she performing?
