26 Flashcards
Statement on Standards for Attestation Engagements 18 (SSAE 18) is a standard from the American Institute of Certified Public Accountants (AICPA). The standard defines three types of System and Organization Controls (SOC) audit reports that review different aspects of a company’s operations. A SOC 2 audit report provides detailed information and assurance about a service organization’s security, availability, processing integrity, confidentiality and/or privacy controls, based on their compliance with the AICPA’s Trust Services Criteria (TSC). Furthermore, a SOC 2 Type I audit provides a snapshot of the organization’s control landscape at a specific point in time, while a SOC 2 Type II audit evaluates the effectiveness of controls over a period of at least six consecutive calendar months (in simple terms, “SOC” defines the scope of the audit and “Type” defines the time period covered by the audit).
True
Which of the following answers refers to a nonprofit organization promoting best security practices related to cloud computing environments?
**CSA**
Cloud Security Alliance
Which of the following answers refers to a cybersecurity control framework for cloud computing?
**CCM**
The CSA Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing.
A type of document stipulating rules of behavior to be followed by users of computers, networks, and associated resources is referred to as:
**AUP**
An acceptable use policy (AUP) is a document stipulating constraints and practices that a user must agree to for access to a corporate network, the internet, or other resources.
From the security standpoint, the job rotation policy enables detection of fraudulent activity within the company/organization.
True
One of the goals behind the mandatory vacations policy is to mitigate the occurrence of fraudulent activity within the company/organization.
True
Which of the answers listed below refers to a concept of having more than one person required to complete a given task?
Separation of duties
A sticky note with a password kept in plain sight in a user’s cubicle would be a violation of which of the following policies?
Clean desk policy
A legal contract between the holder of confidential information and another person to whom that information is disclosed, prohibiting that other person from disclosing the confidential information to any other party, is known as:
**NDA**
A non-disclosure agreement is a legal document which sets rules and principles for the confidentiality of the information to be exchanged.
An agreement between a service provider and users defining the nature, availability, quality, and scope of the service to be provided is known as:
**SLA**
A service-level agreement (SLA) is a contract between a service provider and its customers that documents what services the provider will furnish and defines the service standards the provider is obligated to meet.
Which of the following terms refers to an agreement that specifies performance requirements for a vendor?
**SLA**
A service-level agreement (SLA) is a contract between a service provider and its customers that documents what services the provider will furnish and defines the service standards the provider is obligated to meet.
Which of the following answers refer to a general document established between two or more parties to define their respective responsibilities and expectations in accomplishing a particular goal or mission? (Select 2 answers)
- MOU (Memorandum of Understanding)
- MOA (Memorandum of Agreement)
A type of agreement that specifies generic terms to simplify the negotiation of future contracts between the signing parties is called:
**MSA**
In business and legal contexts, MSA often stands for Master Services Agreement. It is a contract that establishes the overarching terms and conditions between a service provider and a client.
Which of the following answers refers to a key document governing the relationship between two business organizations?
**BPA**
Business partnership agreements (BPA) are legal agreements between partners.
Which of the terms listed below refer to a product/service that no longer receives continuing support? (Select 2 answers)
- EOL (End of Life)
- EOSL (End of Service Life)
The “Run as administrator” option in MS Windows allows users with lower-level permissions to perform tasks reserved for system administrators. This feature requires providing Administrator account credentials and temporarily elevates the current user’s privileges to perform a given task. The Linux command that temporarily modifies security privileges to allow execution of a single command requiring root access permissions is called sudo.
True