Auditing Infrastructure Flashcards

1
Q

Data centers

A

They are automated but require staff to operate, so policies and procedures should be in place. These should include physical access control, system and facility monitoring, facility and equipment planning, tracking and maintenance, as well as response procedures for outages, emergencies and alarm conditions.

2
Q

Windows Server

A
  • I review the user access request and approval process and how terminated user accounts are deactivated.
  • I check password controls and verify that auditing is enabled.
  • I ensure a legal warning banner is displayed during the process to provide warning against unauthorized access.
  • I ensure the guest account is disabled.
  • I check password configuration, firewall settings and patch management.
  • Most times, we send a Windows audit script to administrators or sit with one to go over local security.
3
Q

Active Directory

A
  • I check user permissions, group policies, computers and domains.
  • I do so by using a Windows script to validate all domains.
  • The script copies the dump, and I review the dump.
  • I also check security, domain, administrative rights and control over the controller.
4
Q

Oracle Audit

A
  • I ask for a list of DBAs to determine who has access to the database.
  • I check user authentication.
  • I review password configuration to ensure it meets the company policy.
  • I ensure the default database user account password has been changed.
  • I ensure a control is in place to prevent users from updating data directly in the database environment.
  • I ensure they have an audit trail enabled for administrative accounts.
5
Q

Unix Audit (operating system)

A
  • I review the user account creation and approval process.
  • I ensure that there are no terminated users with active accounts in the system.
  • I review the security of user directories and configuration files for world-writable files.
  • I review cron and at jobs for suspicious entries.
  • I also interview the admins to learn which monitoring tools are used to manage the Unix operating system.
6
Q

Network devices

A
  • Active Directory/Domain Controller controls the Local Area Network within a particular location
  • Firewall
  • Router
7
Q

Database

A
  • SQL Database
  • Oracle Database
  • DB2 (IBM)
8
Q

Operating System

A
  • Windows
  • Unix/Linux
  • Mainframe
9
Q

Categories of IT Applications

A
  • Authorization Checks
  • Calculation Checks
  • Completeness Checks
  • Interface Checks
  • Validity Checks
10
Q

Security Audit Logs

A

One of the easiest ways to verify that access control mechanisms are performing.

11
Q

How we test infrastructure

A
  1. Send a request list or script to obtain security settings of servers.
  2. Sit with the auditee to obtain settings via screenshots from servers.
  3. Perform vulnerability scanning using the Nessus tool made by McAfee, and WebInspect made by HP.