F1

Question 1

Difference between Public and Community?

Answer 1

Public does not allow for redundancy and data sharing with industry peers.

Question 2

Who would not be part of the intended audience for NIST SP 800-53?

Answer 2

Individuals with marketing and advertising responsibilities

Question 3

What is NIST SP 800-53?

Answer 3

Protects information systems against sophisticated threats.

Question 4

When would independence be needed by an auditor for a subservice.

Answer 4

When the organizations management used the inclusive method.

Question 5

When do service auditors report on subsequent events.

Answer 5

Auditors don’t have to perform any procedures after the date of service but must appropriately respond to any subsequently discovered event.

Question 6

What is an SQL injection attack?

Answer 6

Application based attack in which an attacker injects malicious SQL code into existing SQL code on a company’s website to gain unauthorized access to a company’s data.

Question 7

What is a Network based attach>

Answer 7

Target the infrastructure of a network including switches, routers, servers, and cabling with the intent to gain unauthorized access or disrupt operations for users.

Question 8

Supply chain attack?

Answer 8

Target the production and distribution of goods within a supply chain so that there are larger disruptions in the normal operations of a company, government, or other entity.

Question 9

Host based attack?

Answer 9

Target a single host such as a laptop, mobile device, or a server to disrupt functionality or obtain unauthorized access. SQL injections do not target a single host but rather the website’s database.

Question 10

What cycle do these fall into voucher, production schedule, receipt, earnings statement?

Answer 10

Purchasing and disbursement cycle.
Production cycle.
Revenue cycle.
payroll cycle.

Question 11

What is not a disadvantage of outsourcing?

Answer 11

Risk Mitigation.

Question 12

SOC 1 enagemnt would not focus on?

Answer 12

Applicable trust SOC 2 and 3 would.
Also only SOC 2 focuses on effective operations of controls.

Question 13

SQL?

Answer 13

Is the most likely used when running queries to retrieve specific subsets within a data when performing data extraction.
JavaScript is more focused on Web programming and a host of other applications.

Question 14

What is a Software-defined wide-area network (SD-WAN) devices?

Answer 14

Networks that are optimized using software that is integrated into the hardware, rather than solely physical connections.

Question 15

What is application network gateway?

Answer 15

Resource-intensive devices that inspect packets but do not assign IP addresses to other devices on the same network as their primary function.

Question 16

What is a circuit-level gateway?

Answer 16

Is a form of firewall that verifies the source of data packets that traverse its network, but its primary purpose is not to share IP addresses with other machines.

Question 17

What is sampling risk?

Answer 17

The risk that a sample is not representative of the population.

Question 18

Detection risk?

Answer 18

The risk that the service auditor will fail to find material misstatements or deviations that are present.

Question 19

Who uses SOC 1 reports.

Answer 19

The independent auditors of the user entity?

Question 20

The trust services categories include:

Answer 20

Availability, confidentiality, privacy, processing integrity, and security.

Question 21

Service commitments?

Answer 21

Are declarations that may result in specific system requirements.