CYBERSECURITY EXAM QUESTIONS WITH SOLUTIONS.

Pages: 54
Grade: A+
Uploaded on: 21-01-2026
Written in: 2025/2026

Q: Which term describes any action that could damage an asset?
A: Threat

Q: Bob recently accepted a position as the information security and compliance manager for a medical practice. Which regulation is likely to most directly apply to Bob's employer?
A: HIPAA

Q: Rachel is investigating an information security incident that took place at the high school where she works. She suspects that students may have broken into the student records system and altered their grades. If correct, which one of the tenets of information security did this attack violate?
A: Integrity

Q: Which one of the following measures the average amount of time that it takes to repair a system, application, or component?
A: MTTR

Q: Juan's web server was down for an entire day last September. It experienced no other downtime during that month. Which one of the following represents the web server uptime for that month?
A: 96.67%

Q: Which mitigation plan is most appropriate to limit the risk of unauthorized access to workstations?
A: Password Protection

Q: Which security control is most helpful in protecting against eavesdropping on wireless LAN (WLAN) data transmissions that would jeopardize confidentiality?
A: applying strong encryption

Q: Matthew captures traffic on his network and notices connections using ports 20, 22, 23, and 80. Which port normally hosts a protocol that uses secure, encrypted connections?
A: 22

Q: Which network device is capable of blocking network connections that are identified as potentially malicious?
A: IPS

Q: Which risk is most effectively mitigated by an upstream Internet service provider (ISP)?
A: DDoS

Q: Beth must purchase firewalls for several network circuits used by her organization. Which one circuit will have the highest possible network throughput?
A: OC-12

Q: What is NOT a common endpoint for a virtual private network (VPN) connection used for remote network access?
A: Content Filter

Q: Which one of the following is typically used during the identification phase of a remote access connection?
A: Username

Q: During what phase of a remote access connection does the end user prove his or her claim of identity?
A: Authentication

Q: Which one of the following is NOT a good technique for performing authentication of an end user?
A: Identification Number

Q: Which element of the security policy framework requires approval from upper management and applies to the entire organization?
A: Policy

Q: Which element of the security policy framework offers suggestions rather than mandatory actions?
A: Guideline

Q: Chris is writing a document that provides step-by-step instructions for end users seeking to update the security software on their computers. Performing these updates is mandatory. Which type of document is Chris writing?
A: Procedure

Q: Which element of the IT security policy framework provides detailed written definitions for hardware and software and how they are to be used?
A: Standard

Q: Which classification level is the highest level used by the U.S. federal government?
A: Top Secret

Q: Hypertext Transfer Protocol (HTTP) is the communications protocol between web browsers and websites with data in cleartext.
A: True

Q: The weakest link in the security of an IT infrastructure is the server.
A: False

Q: Organizations should start defining their IT security policy framework by defining an asset classification policy.
A: True

Q: The director of IT security is generally in charge of ensuring that the Workstation Domain conforms to policy.
A: True

Q: The Sarbanes-Oxley (SOX) Act requires all types of financial institutions to protect customers' private financial information.
A: False

Q: Access control lists (ACLs) are used to permit and deny traffic in an IP router.
A: True

Q: Service-level agreements (SLAs) are optical backbone trunks for private optical backbone networks.
A: False

Q: Networks, routers, and equipment require continuous monitoring and management to keep wide area network (WAN) service available.
A: True

Q: A VPN router is a security appliance that is used to filter IP packets.
A: False

Q: Simple Network Management Protocol (SNMP) is used for network device monitoring, alarm, and performance.
A: True

Q: The most critical aspect of a WAN services contract is how the service provider supplies troubleshooting, network management, and security management services.
A: True

Q: An IT security policy framework is like an outline that identifies where security controls should be used.
A: True

Q: Hypertext Transfer Protocol (HTTP) encrypts data transfers between secure browsers and secure web pages.
A: False

Q: Cryptography is the process of transforming data from cleartext into ciphertext.
A: False

Q: Authorization is the process of granting rights to use an organization's IT assets, systems, applications, and data to a specific user.
A: True

Q: The System/Application Domain holds all the mission-critical systems, applications, and data.
A: True

Q: In the Remote Access Domain, if private data or confidential data is compromised remotely, you should set automatic blocking for attempted logon retries.
A: True

Q: Encrypting the data within databases and storage devices gives an added layer of security.
A: True

Q: The asset protection policy defines an organization's data classification standard.
A: True

Q: For businesses and organizations under recent compliance laws, data classification standards typically include private, confidential, internal use only, and public domain categories.
A: True

Q: Which Internet of Things (IoT) challenge involves the difficulty of developing and implementing protocols that allow devices to communicate in a standard fashion?
A: Interoperability

Q: Which one of the following is NOT a market driver for the Internet of Things (IoT)?
A: Global adoption of non-IP networking

Q: Kaira's company recently switched to a new calendaring system provided by a vendor. Kaira and other users connect to the system, hosted at the vendor's site, using a web browser. Which service delivery model is Kaira's company using?
A: SaaS

Q: Which one of the following is NOT an example of store-and-forward messaging?
A: Telephone Call

Q: Gwen's company is planning to accept credit cards over the Internet. Which one of the following governs this type of activity and includes provisions that Gwen should implement before accepting credit card transactions?
A: PCI DSS

Q: Ron is the IT director at a medium-sized company and is constantly bombarded by requests from users who want to select customized mobile devices. He decides to allow users to purchase their own devices. Which type of policy should Ron implement to include the requirements and security controls for this arrangement?
A: BYOD

Q: Which scenario presents a unique challenge for developers of mobile applications?
A: Selecting multiple items from a list

Q: With the use of Mobile IP, which device is responsible for keeping track of mobile nodes (MNs) and forwarding packets to the MN's current network?
A: HA

Q: Which action is the best step to protect Internet of Things (IoT) devices from becoming the entry point for security vulnerabilities into a network while still meeting business requirements?
A: Applying security updates promptly

Q: From a security perspective, what should organizations expect will occur as they become more dependent upon the Internet of Things (IoT)?
A: Security risks will increase

Q: Which technology can be used to protect the privacy rights of individuals and simultaneously allow organizations to analyze data in aggregate?
A: Deidentification

Q: Which of the following is NOT one of the four fundamental principles outlined by the Internet Society that will drive the success of Internet of Things (IoT) innovation?
A: Secure

Q: Which organization pursues standards for Internet of Things (IoT) devices and is widely recognized as the authority for creating standards on the Internet?
A: Internet Engineering Task Force

Q: Which one of the following governs the use of Internet of Things (IoT) by healthcare providers, such as physicians and hospitals?
A: HIPAA

Q: Which one of the following is NOT an area of critical infrastructure where the Internet of Things (IoT) is likely to spur economic development in less developed countries?
A: E-Commerce

Q: Jody would like to find a solution that allows real-time document sharing and editing between teams. Which technology would best suit her needs?
A: Collaboration

Q: Which one of the following is an example of a business-to-consumer (B2C) application of the Internet of Things (IoT)?
A: Health Monitoring

Q: Which one of the following is an advantage that the Internet of Things (IoT) brings to economic development for countries?
A: Technical and Industry Development

Q: Which compliance obligation includes security requirements that apply specifically to federal government agencies in the United States?
A: FISMA

Q: In Mobile IP, what term describes a device that would like to communicate with a mobile node (MN)?
A: CN

Q: Connectivity is one of the five critical challenges that the Internet of Things (IoT) has to overcome.
A: False

Q: Application service providers (ASPs) are software companies that build applications hosted in the cloud and on the Internet.
A: True

Q: Unified messaging allows you to download both voice and email messages to a smartphone or tablet.
A: True

Q: The auto industry has not yet implemented the Internet of Things (IoT).
A: False

Q: Regarding the Internet of Things (IoT), a business involved in utilities, critical infrastructure, or environmental services can benefit from traffic-monitoring applications.
A: False

Q: E-commerce systems and applications demand strict confidentiality, integrity, and availability (CIA) security controls.
A: True

Q: A bricks-and-mortar strategy includes marketing and selling goods and services on the Internet.
A: True

Q: In e-business, secure web applications are one of the critical security controls that each organization must implement to reduce risk.
A: True

Q: Bricks-and-mortar stores are completely obsolete now.
A: False

Q: Devices that combine the capabilities of mobile phones and personal digital assistants (PDAs) are commonly called smartphones.
A: True

Q: Bring Your Own Device (BYOD) opens the door to considerable security issues.
A: True

Q: One of the first industries to adopt and widely use mobile applications was the healthcare industry.
A: True

Q: Using Mobile IP, users can move between segments on a local area network (LAN) and stay connected without interruption.
A: True

Q: Each 4G device has a unique Internet Protocol (IP) address and appears just like any other wired device on a network.
A: True

Q: Cars that have Wi-Fi access and onboard computers require software patches and upgrades from the manufacturer.
A: True

Q: Metadata of Internet of Things (IoT) devices can be sold to companies seeking demographic marketing data about users and their spending habits.
A: True

Q: IoT devices cannot share and communicate your IoT device data to other systems and applications without your authorization or knowledge.
A: False

Q: IoT technology has a significant impact on developing economies, given that it can transform countries into e-commerce-ready nations.
A: True

Q: Some vending machines are equipped with a cellular phone network antenna for secure credit card transaction processing.
A: True

Q: Store-and-forward communications should be used when you need to talk to someone immediately.
A: False

Q: Maria's company recently experienced a major system outage due to the failure of a critical component. During that time period, the company did not register any sales through its online site. Which type of loss did the company experience as a result of lost sales?
A: Opportunity Cost

Q: Yuri is a skilled computer security expert who attempts to break into the systems belonging to his clients. He has permission from the clients to perform this testing as part of a paid contract. What type of person is Yuri?
A: White Hat Hacker

Q: Which tool can capture the packets transmitted between systems over a network?
A: Protocol Analyzer

Q: Bob is using a port scanner to identify open ports on a server in his environment. He is scanning a web server that uses Hypertext Transfer Protocol (HTTP). Which port should Bob expect to be open to support this service?
A: 80

Q: Which type of denial of service attack exploits the existence of software flaws to disrupt a service?
A: Logic Attack

Q: Tony is working with a law enforcement agency to place a wiretap pursuant to a legitimate court order. The wiretap will monitor communications without making any modifications. What type of wiretap is Tony placing?
A: Passive Wiretap

Q: Users throughout Alison's organization have been receiving unwanted commercial messages over the organization's instant messaging program. What type of attack is taking place?
A: Spim

Q: Which term describes an action that can damage or compromise an asset?
A: Threat

Q: Which one of the following is an example of a disclosure threat?
A: Espionage

Q: Which type of attack involves the creation of some deception in order to trick unsuspecting users?
A: Fabrication

Q: Which password attack is typically used specifically against password files that contain cryptographic hashes?
A: Birthday Attacks

Q: Brian notices an attack taking place on his network. When he digs deeper, he realizes that the attacker has a physical presence on the local network and is forging Media Access Control (MAC) addresses. Which type of attack is most likely taking place?
A: ARP Poisoning

Q: In which type of attack does the attacker attempt to take over an existing connection between two systems?
A: Session Hijacking

Q: Which group is the most likely target of a social engineering attack?
A: Receptionists and Administrative Assistants

Q: What type of malicious software masquerades as legitimate software to entice the user to run it?
A: Trojan Horse

Q: An attacker attempting to break into a facility pulls the fire alarm to distract the security guard manning an entry point. Which type of social engineering attack is the attacker using?
A: Urgency

Q: Barry discovers that an attacker is running an access point in a building adjacent to his company. The access point is broadcasting the service set identifier (SSID) of an open network owned by the coffee shop in his lobby. Which type of attack is likely taking place?
A: Evil Twin

Q: Which type of attack against a web application uses a newly discovered vulnerability that is not patchable?
A: Zero-Day Attack

Q: Which control is not designed to combat malware?
A: Firewalls

Q: Florian recently purchased a set of domain names that are similar to those of legitimate websites and used the newly purchased sites to host malware. Which type of attack is Florian using?
A: Typosquatting

Q: When servers need operating system upgrades or patches, administrators take them offline intentionally so they can perform the necessary work without risking malicious attacks.
A: True

Q: An attacker uses exploit software when wardialing.
A: False

Q: Wardialers are becoming more frequently used given the rise of Voice over IP (VoIP).
A: False

Q: Failing to prevent an attack all but invites an attack.
A: True

Q: A DoS attack is a coordinated attempt to deny service by occupying a computer to perform large amounts of unnecessary tasks.
A: True

Q: A rootkit uses a directed broadcast to create a flood of network traffic for the victim computer.
A: False

Q: Denial of service (DoS) attacks are larger in scope than distributed denial of service (DDoS) attacks.
A: False

Q: A phishing email is a fake or bogus email intended to trick the recipient into clicking on an embedded URL link or opening an email attachment.
A: True

Q: Rootkits are malicious software programs designed to be hidden from normal methods of detection.
A: True

Q: The anti-malware utility is one of the most popular backdoor tools in use today.
A: False

Q: Spam is some act intended to deceive or trick the receiver, normally in email messages.
A: False

Q: An alteration threat violates information integrity.
A: True

Q: A birthday attack is a type of cryptographic attack that is used to make brute-force attacks on one-way hashes easier.
A: True

Q: A dictionary password attack is a type of attack in which one person, program, or computer disguises itself as another person, program, or computer to gain access to some resource.
A: False

Q: A man-in-the-middle attack takes advantage of the multihop process used by many types of networks.
A: True

Q: A phishing attack "poisons" a domain name on a domain name server.
A: False

Q: The main difference between a virus and a worm is that a virus does not need a host program to infect.
A: False

Q: Spyware gathers information about a user through an Internet connection, without his or her knowledge.
A: True

Q: Vishing is a type of wireless network attack.
A: False

Q: Using a secure logon and authentication process is one of the six steps used to prevent malware.
A: True

Q: Which formula is typically used to describe the components of information security risks?
A: Threat X Likelihood

Q: Earl is preparing a risk register for his organization's risk management program. Which data element is LEAST likely to be included in a risk register?
A: Risk Survey Results

Q: Alan is developing a business impact assessment for his organization. He is working with business units to determine the maximum allowable time to recover a particular function. What value is Alan determining?
A: RTO

Q: Which one of the following is an example of a direct cost that might result from a business disruption?
A: Facility Repair

Q: Tom is the IT manager for an organization that experienced a server failure that affected a single business function. What type of plan should guide the organization's recovery effort?
A: BCP

Q: What is the first step in a disaster recovery effort?
A: Ensure that everyone is safe

Q: Dawn is selecting an alternative processing facility for her organization's primary data center. She would like to have a facility that balances cost and switchover time. What would be the best option in this situation?
A: warm site

Q: Holly would like to run an annual major disaster recovery test that is as thorough and realistic as possible. She also wants to ensure that there is no disruption of activity at the primary site. What option is best in this scenario?
A: checklist test

Q: As a follow-up to her annual testing, Holly would like to conduct quarterly disaster recovery tests that introduce as much realism as possible but do not require the use of technology resources. What type of test should Holly conduct?
A: simulation test

Q: Which one of the following is an example of a reactive disaster recovery control?
A: moving to a warm site

Q: George is the risk manager for a U.S. federal government agency. He is conducting a risk assessment for that agency's IT risk. What methodology is best suited for George's use?
A: Risk Management Guide for Information Technology Systems (NIST SP800-30)

Q: Betsy recently assumed an information security role for a hospital located in the United States. What compliance regulation applies specifically to healthcare providers?
A: HIPAA

Q: A hospital is planning to introduce a new point-of-sale system in the cafeteria that will handle credit card transactions. Which one of the following governs the privacy of information handled by those point-of-sale terminals?
A: Payment Card Industry Data Security Standard (PCI DSS)

Q: The Children's Online Privacy Protection Act (COPPA) restricts the collection of information online from children. What is the cutoff age for COPPA regulation?
A: 13

Q: Which one of the following is the best example of an authorization control?
A: Access control lists

Q: Which item in a Bring Your Own Device (BYOD) policy helps resolve intellectual property issues that may arise as the result of business use of personal devices?
A: Data ownership

Q: What is NOT a commonly used endpoint security technique?
A: Network firewall

Q: What is NOT one of the three tenets of information security?
A: Safety

Q: What compliance regulation applies specifically to the educational records maintained by schools about students?
A: Family Educational Rights and Privacy Act (FERPA)

Q: What level of technology infrastructure should you expect to find in a cold site alternative data center facility?
A: No technology infrastructure

Q: The term risk management describes the process of identifying, assessing, prioritizing, and addressing risks.
A: True

Q: The term risk methodology refers to a list of identified risks that results from the risk-identification process.
A: False

Q: The tools for conducting a risk analysis can include the documents that define, categorize, and rank risks.
A: True

Q: The recovery point objective (RPO) is the maximum amount of data loss that is acceptable.
A: True

Q: The business impact analysis (BIA) identifies the resources for which a business continuity plan (BCP) is necessary.
A: True

Q: Continuity of critical business functions and operations is the first priority in a well-balanced business continuity plan (BCP).
A: False

Q: A disaster recovery plan (DRP) directs the actions necessary to recover resources after a disaster.
A: True

Q: The first step in creating a comprehensive disaster recovery plan (DRP) is to document likely impact scenarios.
A: False

Q: Regarding data center alternatives for disaster recovery, a mobile site is the least expensive option but at the cost of the longest switchover time.
A: False

Q: Most enterprises are well prepared for a disaster should one occur.
A: False

Q: A surge protector is an example of a preventative component of a disaster recovery plan (DRP).
A: True

Q: A security policy is a comparison of the security controls you have in place and the controls you need in order to address all identified threats.
A: False

Q: The Gramm-Leach-Bliley Act (GLBA) addresses information security concerns in the financial industry.
A: True

Q: The Government Information Security Reform Act (Security Reform Act) of 2000 focuses on management and evaluation of the security of unclassified and national security systems.
A: True

Q: Authentication controls include passwords and personal identification numbers (PINs).
A: True

Q: Authorization controls include biometric devices.
A: False

Q: In a Bring Your Own Device (BYOD) policy, the user acceptance component may include separation of private data from business data.
A: True

Q: Remote wiping is a device security control that allows an organization to remotely erase data or email in the event of loss or theft of the device.
A: True

Q: Screen locks are a form of endpoint device security control.
A: True

Q: Removable storage is a software application that allows an organization to monitor and control business data on a personally owned device.
A: False

Q: Which one of the following is an example of a logical access control?
A: Password

Q: During which phase of the access control process does the system answer the question, "What can the requestor access?"
A: Authorization

Q: Ed wants to make sure that his system is designed in a manner that allows tracing actions to an individual. Which phase of access control is Ed concerned about?
A: Accountability

Q: The ___________ is the central part of a computing environment's hardware, software, and firmware that enforces access control.
A: Security Kernel

Q: Which type of authentication includes smart cards?
A: Ownership

Q: Which one of the following is an example of two-factor authentication?
A: Smart card and PIN

Q: Which type of password attack attempts all possible combinations of a password in an attempt to guess the correct value?
A: Brute-Force attack

Q: Which one of the following is NOT a commonly accepted best practice for password security?
A: Use at least 6 alphanumerical characters

Q: Which characteristic of a biometric system measures the system's accuracy using a balance of different error types?
A: CER

Q: Alan is evaluating different biometric systems and is concerned that users might not want to subject themselves to retinal scans due to privacy concerns. Which characteristic of a biometric system is he considering?
A: Acceptability

Q: Which one of the following is NOT an advantage of biometric systems?
A: Physical characteristics may change

Q: What is a single sign-on (SSO) approach that relies upon the use of key distribution centers (KDCs) and ticket-granting servers (TGSs)?
A: Kerberos

Q: Which of the following is an example of a hardware security control?
A: MAC filtering

Q: Gary would like to choose an access control model in which the owner of a resource decides who may modify permissions on that resource. Which model fits that scenario?
A: DAC

Q: Tomahawk Industries develops weapons control systems for the military. The company designed a system that requires two different officers to enter their access codes before allowing the system to engage. Which principle of security is this following?
A: Separation of Duties

Q: Which security model does NOT protect the integrity of information?
A: Bell-LaPadula

Q: Which one of the following principles is NOT a component of the Biba integrity model?
A: Subjects cannot change objects that have a lower integrity level

Q: Which of the following does NOT offer authentication, authorization, and accounting (AAA) services?
A: RAID

Q: What is an XML-based open standard for exchanging authentication and authorization information and is commonly used for web applications?
A: SAML

Q: Which of the following is NOT a benefit of cloud computing to organizations?
A: Lower dependence on outside vendors

Q: A trusted operating system (TOS) provides features that satisfy specific government requirements for security.
A: True

Q: The four central components of access control are users, resources, actions, and features.
A: False

Q: Common methods used to identify a user to a system include username, smart card, and biometrics.
A: True

Q: A dictionary attack works by hashing all the words in a dictionary and then comparing the hashed value with the system password file to discover a match.
A: True

Q: Passphrases are less secure than passwords.
A: False

Q: The number of failed logon attempts that trigger an account action is called an audit logon event.
A: False

Q: You should use easy-to-remember personal information to create secure passwords.
A: False

Q: A smart card is a token shaped like a credit card that contains one or more microprocessor chips that accept, store, and send information through a reader.
A: True

Q: Voice pattern biometrics are accurate for authentication because voices can't easily be replicated by computer software.
A: False

Q: Fingerprints, palm prints, and retina scans are types of biometrics.
A: True

Q: Single sign-on (SSO) can provide for stronger passwords because with only one password to remember, users are generally willing to use stronger passwords.
A: True

Q: DIAMETER is a research and development project funded by the European Commission.
A: False

Q: Log files are records that detail who logged on to a system, when they logged on, and what information or resources they used.
A: True

Q: A degausser creates a magnetic field that erases data from magnetic storage media.
A: True

Q: User-based permission levels limit a person to executing certain functions and often enforce mutual exclusivity.
A: False

Q: Temporal isolation is commonly used in combination with rule-based access control.
A: False

Q: Content-dependent access control requires the access control mechanism to look at the data to decide who should get to see it.
A: True

Q: A Chinese wall security policy defines a barrier and develops a set of rules that makes sure no subject gets to objects on the other side.
A: True

Q: An example of a threat to access control is in a peer-to-peer (P2P) arrangement in which users share their My Documents folder with each other by accident.
A: True

Q: Terminal Access Controller Access Control System Plus (TACACS+) is an authentication server that uses client and user configuration files.
A: False

Q: Janet is identifying the set of privileges that should be assigned to a new employee in her organization. Which phase of the access control process is she performing?
A: Authorization

Q: Which of the following would NOT be considered in the scope of organizational compliance efforts?
A: Laws

Q: Mark is considering outsourcing security functions to a third-party service provider. What benefit is he most likely to achieve?
A: Access to high level of expertise

Q: Biyu is making arrangements to use a third-party service provider for security services. She wants to document a requirement for timely notification of security breaches. What type of agreement is most likely to contain formal requirements of this type?
A: SLA

Q: Which agreement type is typically less formal than other agreements and expresses areas of common interest?
A: MOU

Q: What is NOT a good practice for developing strong professional ethics?
A: Assume that information that should be free

Q: Which practice is NOT considered unethical under RFC 1087 issued by the Internet Architecture Board (IAB)?
A: Enforcing the integrity of computer based information

Q: What is NOT a principle for privacy created by the Organization for Economic Cooperation and Development (OECD)?
A: An organization should share its information

Q: Karen is designing a process for issuing checks and decides that one group of users will have the authority to create new payees in the system while a separate group of users will have the authority to issue checks to those payees. The intent of this control is to prevent fraud. Which principle is Karen enforcing?
A: Separation of duties

Q: What is NOT a goal of information security awareness programs?
A: Punish users who violate policy

Q: Ann is creating a template for the configuration of Windows servers in her organization. It includes the basic security settings that should apply to all systems. What type of document should she create?
A: Baseline

Q: Roger's organization received a mass email message that attempted to trick users into revealing their passwords by pretending to be a help desk representative. What category of social engineering is this an example of?
A: Phishing

Q: Aditya is attempting to classify information regarding a new project that his organization will undertake in secret. Which characteristic is NOT normally used to make these types of classification decisions?
A: Threat

Q: Which activity manages the baseline settings for a system or device?
A: Configuration Control

Q: What is the correct order of steps in the change control process?
A: Request, impact assessment, approval, build/test, implement, monitor

Q: Marguerite is creating a budget for a software development project. What phase of the system lifecycle is she undertaking?
A: Project initiation and planning

Q: Bob is preparing to dispose of magnetic media and wishes to destroy the data stored on it. Which method is NOT a good approach for destroying data?
A: Formatting

Q: In an accreditation process, who has the authority to approve a system for implementation?
A: AO

Q: In what type of attack does the attacker send unauthorized commands directly to a database?
A: SQL injection

Q: In what software development model does activity progress in a lock-step sequential process where no phase begins until the previous phase is complete?
A: Waterfall

Q: One advantage of using a security management firm for security monitoring is that it has a high level of expertise.
A: True

Q: Often an extension of a memorandum of understanding (MOU), the blanket purchase agreement (BPA) serves as an agreement that documents the technical requirements of interconnected assets.
A: False

Q: A remediation liaison makes sure all personnel are aware of and comply with an organization's policies.
A: False

Q: The idea that users should be granted only the levels of permissions they need in order to perform their duties is called the principle of least privilege.
A: True

Q: Mandatory vacations minimize risk by rotating employees among various systems or duties.
A: False

Q: Social engineering is deceiving or using people to get around security controls.
A: True

Q: Written security policies document management's goals and objectives.
A: True

Q: A functional policy declares an organization's management direction for security in such specific functional areas as email, remote access, and Internet surfing.
A: True

Q: Procedures do NOT reduce mistakes in a crisis.
A: False

Q: Standards are used when an organization has selected a solution to fulfill a policy goal.
A: True

Q: The term "data owner" refers to the person or group that manages an IT infrastructure.
A: False

Q: Company-related classifications are not standard; therefore, there may be some differences between the terms "private" and "confidential" in different companies.
A: True

Q: Classification scope determines what data you should classify; classification process determines how you handle classified data.
A: True

Q: Configuration changes can be made at any time during a system life cycle and no process is required.
A: False

Q: A hardware configuration chart should NOT include copies of software configurations.
A: False

Q: With proactive change management, management initiates the change to achieve a desired goal.
A: True

Q: Change doesn't create risk for a business.
A: False

Q: A successful change control program should include the following elements to ensure the quality of the change control process: peer review, documentation, and back-out plans.
A: True

Q: Policies that cover data management should cover transitions throughout the data life cycle.
A: True

Q: Certification is the formal agreement by an authorizing official to accept the risk of implementing a system.
A: False

Q: Ricky is reviewing security logs to independently assess security controls. Which security review process is Ricky engaging in?
A: Audit

Q: Christopher is designing a security policy for his organization. He would like to use an approach that allows a reasonable list of activities but does not allow other activities. Which permission level is he planning to use?
A: Prudent

Q: Jacob is conducting an audit of the security controls at an organization as an independent reviewer. Which question would NOT be part of his audit?
A: Is the security control likely to become obsolete in the near future?

Q: Which regulatory standard would NOT require audits of companies in the United States?
A: PIPEDA

Q: Emily is the information security director for a large company that handles sensitive personal information. She is hiring an auditor to conduct an assessment demonstrating that her firm is satisfying requirements regarding customer private data. What type of assessment should she request?
A: SOC 3

Q: Which item is an auditor least likely to review during a system controls audit?
A: Resumes of system administrator

Q: What is a set of concepts and policies for managing IT infrastructure, development, and operations?
Options Menu: Question Text ITIL Which audit data collection method helps ensure that the information-gathering process covers all relevant areas? Options Menu: Question Text Checklist Curtis is conducting an audit of an identity management system. Which question is NOT likely to be in the scope of his audit? Options Menu: Question Text Does the firewall properly block unsolicited network connection attempts? What information should an auditor share with the client during an exit interview? Options Menu: Question Text Details on major issues What is NOT generally a section in an audit report? Options Menu: Question Text System configurations What type of security monitoring tool would be most likely to identify an unauthorized change to a computer system? Options Menu: Question Text System Integrity Monitoring Gina is preparing to monitor network activity using packet sniffing. Which technology is most likely to interfere with this effort if used on the network? Options Menu: Question Text SSL Anthony is responsible for tuning his organization's intrusion detection system. He notices that the system reports an intrusion alert each time that an administrator connects to a server using Secure Shell (SSH). What type of error is occurring? Options Menu: Question Text False Positive Error Isaac is responsible for performing log reviews for his organization in an attempt to identify security issues. He has a massive amount of data to review. What type of tool would best assist him with this work? Options Menu: Question Text SIEM Which intrusion detection system strategy relies upon pattern matching? Options Menu: Question Text Signature Detection Which security testing activity uses tools that scan for services running on systems? Options Menu: Question Text Network Mapping Fran is conducting a security test of a new application. She does not have any access to the source code or other details of the application she is testing. What type of test is Fran conducting? 
Options Menu: Question Text Black-Box test When should an organization's managers have an opportunity to respond to the findings in an audit? Options Menu: Question Text Managers should include their responses to the draft audit report in the final audit report. Which activity is an auditor least likely to conduct during the information-gathering phase of an audit? Options Menu: Question Text Report Writing Many jurisdictions require audits by law. Options Menu: Question Text True An SOC 1 report primarily focuses on security. Options Menu: Question Text False An SOC 1 report is commonly implemented for organizations that must comply with Sarbanes-Oxley (SOX) or the Gramm-Leach-Bliley Act (GLBA). Options Menu: Question Text True An auditing benchmark is the standard by which a system is compared to determine whether it is securely configured. Options Menu: Question Text True During an audit, an auditor compares the current setting of a computer or device with a benchmark to help identify differences. Options Menu: Question Text True After audit activities are completed, auditors perform data analysis. Options Menu: Question Text True During the secure phase of a security review, you review and measure all controls to capture actions and changes on the system. Options Menu: Question Text False Regarding security controls, the four most common permission levels are poor, permissive, prudent, and paranoid. Options Menu: Question Text False SOC 2 reports are created for internal and other authorized stakeholders and are commonly implemented for service providers, hosted data centers, and managed cloud computing providers. Options Menu: Question Text True During the planning and execution phases of an audit, an auditor will most likely review risk analysis output. Options Menu: Question Text True Committee of Sponsoring Organizations (COSO) is a set of best practices for IT management. 
Options Menu: Question Text False Performing security testing includes vulnerability testing and penetration testing. Options Menu: Question Text True In security testing data collection, observation is the input used to differentiate between paper procedures and the way the job is really done. Options Menu: Question Text True A report indicating that a system's disk is 80 percent full is a good indication that something is wrong with that system. Options Menu: Question Text False Data loss prevention (DLP) uses business rules to classify sensitive information to prevent unauthorized end users from sharing it. Options Menu: Question Text True Regarding log monitoring, false negatives are alerts that seem malicious but are not real security events. Options Menu: Question Text False The four main types of logs that you need to keep to support security auditing include event, access, user, and security. Options Menu: Question Text False Anomaly-based intrusion detection systems compare current activity with stored profiles of normal (expected) activity. Options Menu: Question Text True In security testing, reconnaissance involves reviewing a system to learn as much as possible about the organization, its systems, and its networks. Options Menu: Question Text True Regarding an intrusion detection system (IDS), stateful matching looks for specific sequences appearing across several packets in a traffic stream rather than justin individual packets. Options Menu: Question Text True

Document information

Uploaded on: January 21, 2026
Number of pages: 54
Written in: 2025/2026
Type: Exam (elaborations)
Contains: Questions & answers

Content preview

CYBERSECURITY EXAM QUESTIONS WITH SOLUTIONS.

Which term describes any action that could damage an asset?
Threat

Bob recently accepted a position as the information security and compliance manager for a medical practice. Which regulation is likely to most directly apply to Bob's employer?
HIPAA

Rachel is investigating an information security incident that took place at the high school where she works. She suspects that students may have broken into the student records system and altered their grades. If correct, which one of the tenets of information security did this attack violate?
Integrity

Which one of the following measures the average amount of time that it takes to repair a system, application, or component?
MTTR

Juan's web server was down for an entire day last September. It experienced no other downtime during that month. Which one of the following represents the web server uptime for that month?
96.67%

Which mitigation plan is most appropriate to limit the risk of unauthorized access to workstations?
Password protection

Which security control is most helpful in protecting against eavesdropping on wireless LAN (WLAN) data transmissions that would jeopardize confidentiality?
Applying strong encryption

Matthew captures traffic on his network and notices connections using ports 20, 22, 23, and 80. Which port normally hosts a protocol that uses secure, encrypted connections?
22

Which network device is capable of blocking network connections that are identified as potentially malicious?
IPS

Which risk is most effectively mitigated by an upstream Internet service provider (ISP)?
DDoS

Beth must purchase firewalls for several network circuits used by her organization. Which one circuit will have the highest possible network throughput?
OC-12

What is NOT a common endpoint for a virtual private network (VPN) connection used for remote network access?
Content filter

Which one of the following is typically used during the identification phase of a remote access connection?
Username

During what phase of a remote access connection does the end user prove his or her claim of identity?
Authentication

Which one of the following is NOT a good technique for performing authentication of an end user?
Identification number

Which element of the security policy framework requires approval from upper management and applies to the entire organization?
Policy

Which element of the security policy framework offers suggestions rather than mandatory actions?
Guideline

Chris is writing a document that provides step-by-step instructions for end users seeking to update the security software on their computers. Performing these updates is mandatory. Which type of document is Chris writing?
Procedure

Which element of the IT security policy framework provides detailed written definitions for hardware and software and how they are to be used?
Standard

Which classification level is the highest level used by the U.S. federal government?