Exam 2 (Material from Chapters 9 - 10) Flashcards

1
Q

A ____ is a crucial type of evaluation to avoid a data breach.

A

security audit

2
Q

Auditing a computer system involves checking to see how its operation has met what?

A

security goals

3
Q

T/F: Audit tests may be manual or automated.

A

True

4
Q

Before you can determine whether something has worked, you must first define how it’s supposed to work. This is known as?

A

Assessing a system

5
Q

Security policy should define ______ actions.

A

acceptable and unacceptable

6
Q

In this permission level, everything is allowed.

A

Promiscuous

7
Q

In this permission level, anything not specifically prohibited is okay.

A

Permissive

8
Q

In this permission level, a reasonable list of things is permitted, and all others are prohibited.

A

Prudent

9
Q

In this permission level, very few things are permitted; all others are prohibited and carefully monitored.

A

Paranoid

10
Q

Explain the difference between SOC 1, SOC 2, and SOC 3 reports.

A

See Slide 12 from chapter 10

11
Q

____ is the standard to which a system is compared to determine whether it is securely configured.

A

Benchmark

12
Q

Host intrusion detection system (HIDS), system integrity monitoring, and data loss prevention (DLP) are examples of what?

A

real-time monitoring

13
Q

Application logging and system logging are examples of what?

A

non-real time monitoring
