Auditing Flashcards

1
Q

What is auditing in security?

A

A technical assessment conducted on apps, systems, or networks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What type of control is auditing?

A

A detective control

Note: A detective control is looking to ensure that security measures were implemented correctly or see what went wrong.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What are the two methods of auditing?

A

Manual and automatic

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

In a manual audit, what will be reviewed?

A
Security logs
Access Control Lists (ACL's)
User Rights/Permissions
Group Policies (GPO's)
Vulnerability Scans
Written Organizational Policies
Interviewing Personnel

Note: For exam, consider logs to be apart of auditing because they are frequently tied together inside the auditing concept.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is automated auditing?

A

An automated audit is a computer-assisted audit using software tools.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Note about auditing

A

Auditing is usually conducted with a combination of both automatic and manual auditing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly