Audits and Assessments

Question 1

Internal Audit

Answer 1

evaluation of the effectiveneness of internal (controls, complicance, integrity) of systems

Question 2

Internal Audit Focuses (Dp Ns Ac Ir)

Answer 2

Data Protection, Network Security, Access Controls, and Incident Response

Question 3

What does it mean to be compliant

Answer 3

the checkee met standards, regulations, and laws

Question 4

Audit Commitee

Answer 4

the group responsible for supervising the org’s audit

Question 5

Internal Assessment

Answer 5

In-depth analysis to identify/access potential risks and vulnerabilities internally

Question 6

Self Assessment

Answer 6

internal review conducted by an org to gauge adherance to specific standards

Question 7

Minnesota Counties Intergovernmental Trust (MCIT)

Answer 7

checklist to help aid/guidline the interal assessment

Question 8

External Audit

Answer 8

systematic evaluation carried out by external entities

Question 9

External Assessment

Answer 9

analysis conducted by independent entities to identify vulnerabilities and risks

Question 10

Regulatory Compliance

Answer 10

the objective that orginzations aim to reach in adherance to (laws, policies, and regulations)

Question 11

Examination

Answer 11

comprehensive security infrastructure inspections

Question 12

Internal Third-Party Audit

Answer 12

offers validation of security pratices and helps give trust to an org (Has to be reputable themselves first)

Question 13

Physical Penetration Testing

Answer 13

testing an org’s physical security such as locks, access cards, security cameras, and other protective measures

Question 14

Offensive Penetration Testing

Answer 14

proactive approach using attack techniques of real cyber threats

Question 15

Defensive Penetration Testing

Answer 15

reactive approach that entails fortifying systems, identifying attack space

Question 16

Integrated Pen Testing

Answer 16

Both offensive and defensive pen testing in one

Question 17

Reconnaissance

Answer 17

An initial phase where critical information about a target system is gathered to enhance an attack success rate

Question 18

Active Reconnaissance

Answer 18

Direct engagement with the target system to pull information

Question 19

Passive Reconnaissance

Answer 19

Doesn’t interact with the target system to get information

Question 20

Reconnaissance Environment

Answer 20

The targeted infrastructure information known prior to the test

Question 21

Metasploit

Answer 21

Computer security and pen-testing frameworks that help evaluate pen testing

Question 22

Reconnaissance Environment Types

Answer 22

Known, partially known, and unknown

Question 23

Software Attestation

Answer 23

Validating the integrity of software by checking that it hasn’t been tampered with

Question 24

Hardware Attestation

Answer 24

Validating the integrity of hardware components

Question 25

System Attestation

Answer 25

Validating the security posture of a system