Exam 2 (Material from Chapters 9 - 10)

Question 1

A ____ is a crucial type of evaluation to avoid a data breach.

Answer 1

security audit

Question 2

Auditing a computer system involves checking to see how its operation has met what?

Answer 2

security goals

Question 3

T/F: Audit tests may be manual or automated.

Answer 3

True

Question 4

Before you can determine whether something has worked, you must first define how it’s supposed to work. This is known as?

Answer 4

Assessing a system

Question 5

Security policy should define ______ actions.

Answer 5

acceptable and unacceptable

Question 6

In this permission level, everything is allowed.

Answer 6

Promiscuous

Question 7

In this permission level, anything not specifcally prohibited is okay.

Answer 7

Permissive

Question 8

In this permission level, A reasonable list of things is permitted, and all others are prohibited.

Answer 8

Prudent

Question 9

In this permission level, very few things are permitted; all others are prohibited and carefully monitored

Answer 9

Paranoid

Question 10

Explain the difference between SOC 1, SOC 2, and SOC 3 reports.

Answer 10

See Slide 12 from chapter 10

Question 11

____ is the standard to which a system is compared to determine whether it is securely configured.

Answer 11

Benchmark

Question 12

Host intrusion detection system (HIDS), System integrity monitoring, and data loss prevention(DLP) is an example of what?

Answer 12

real-time monitoring

Question 13

Application logging and system logging are examples of what?

Answer 13

non-real time monitoring