Terms in this set (155)
In security testing data collection, observation is the input used to differentiate between paper procedures and the way the job is really done.
true

Emily is the information security director for a large company that handles sensitive personal information. She is hiring an auditor to conduct an assessment demonstrating that her firm is satisfying requirements regarding customer private data. What type of assessment should she request?
SOC 3

The four main types of logs that you need to keep to support security auditing include event, access, user, and security.
false

Which activity is an auditor least likely to conduct during the information-gathering phase of an audit?
report writing

An auditing benchmark is the standard by which a system is compared to determine whether it is securely configured.
true

What information should an auditor share with the client during an exit interview?
Details on major issues

What is a set of concepts and policies for managing IT infrastructure, development, and operations?
IT Infrastructure Library

Committee of Sponsoring Organizations (COSO) is a set of best practices for IT management.
false

Ricky is reviewing security logs to independently assess security controls. Which security review process is Ricky engaging in?
audit

Which intrusion detection system strategy relies upon pattern matching?
Signature detection

An SOC 1 report primarily focuses on security.
false

Gina is preparing to monitor network activity using packet sniffing. Which technology is most likely to interfere with this effort if used on the network?
Secure Sockets Layer (SSL)

Regarding log monitoring, false negatives are alerts that seem malicious but are not real security events.
false

In security testing, reconnaissance involves reviewing a system to learn as much as possible about the organization, its systems, and its networks.
true

A report indicating that a system's disk is 80 percent full is a good indication that something is wrong with that system.
false

Data loss prevention (DLP) uses business rules to classify sensitive information to prevent unauthorized end users from sharing it.
true

Anomaly-based intrusion detection systems compare current activity with stored profiles of normal (expected) activity.
true

Christopher is designing a security policy for his organization. He would like to use an approach that allows a reasonable list of activities but does not allow other activities. Which permission level is he planning to use?
prudent