ISC Deck 2 - multi-unit

Question 1

What is the principle that a security architecture is designed so that each entity is granted the minimum system resources and authorizations that the entity requires to perform its function?

Answer 1

Least privilege

Question 2

What is the principle that a user has a legitimate reason to access a resource or system?

Answer 2

Need to know

Question 3

What is the principle that is designed to minimize uncertainty in enforcing access decisions in information systems and services?

Answer 3

Zero trust

Question 4

Which mitigation concept approach uses several layers of defense to secure the IT environment?

Answer 4

Layered security

Question 5

From the attacker’s perspective, what are the stages of a cyberattack?

Answer 5

1. Reconnaissance
2. Scanning
3. Gaining access
4. Escalation of privileges
5. Maintaining access
6. Network exploitation
7. Covering tracks

Question 6

What are not testing procedures consistent with an auditor’s assessment of IT security procedures?

Answer 6

1) Interviews with customers
2) Examining logs for evidence of mgmt analysis & review

Question 7

What are some testing procedures consistent with an auditor’s assessment of IT security procedures? (HINT: Inquiry and observation)

Answer 7

1) Surveys & questionnnaires
2) Review incident reports
3) Interviews with mgmt & staff

Question 8

What does identification and authentication include?

Answer 8

1) Identifying a user for an application
2) Proving a user’s identity
3) Proving an application’s identity

Question 9

What are the 4 authorization models?

Answer 9

1) Mandatory access control (MAC) - used in high security environments with strigent access control requirements
2) Role-based access control (RBAC) - suited for larger organizations with clearly defines roles and permissions
3) Attribute-based access control (ABAC)- grants permissions based on attributes of user, resource, and environment. Suitable for complex environments
4) Discretionary access control (DAC) - suited for smaller or less security intensive environments.

Question 10

What is a critical consideration independent of backup type when determining a backup strategy?

Answer 10

Data retention policies.

Question 11

Which of COSO’s Internal control component best defines how it selects, develops, and performs evaluations to assess the design and operating effectiveness of internal controls that address cyber risk?

Answer 11

Monitoring activities

Question 12

In database design, what is the primary purpose of normalization?

Answer 12

Avoiding data anomalies.

Question 13

At what stage of a cyberattack is the perpetrator capable of preparing and delivering the attack?

Answer 13

Network exploitation.

Question 14

Version 8 of the Center for Internet Security (CIS) Critical Security Controls (CIS Controls) is comprised of 18 individual controls. Which of the following is not included as one of these 18 controls?

Answer 14

Intruder defenses is NOT included.
NOTE: Data protection, malware defenses, and network monitoring and defense are all controls under the CIS Controls.

Question 15

What is the main role of servers in an IT system?

Answer 15

Providing a service to other computers or programs called clients.

Question 16

What is a characteristic of a data warehouse?

Answer 16

It supports a centralized data management system.

Question 17

What is the purpose of the SQL command ORDER BY?

Answer 17

The command sorts the result set based on one or more columns. (ex. in ascending or descending order)

Question 18

Under Review & Revision component of the COSO enterprise risk management framework applied to cloud computing governance, what description is associated with the key activity that includes evaluating cloud service providers (CSPs)?

Answer 18

Reviewing entity performance and considering risk.

Question 19

What is the four phase process for incident response handling?

Answer 19

1) Preparation
2) Detection and analysis
3) Containment, eradication & recovery
4)Post incident activity

Question 20

What are an auditor’s procedures for evaluating an organization’s response to incidents?

Answer 20

1) Review the incident response plan
2) Examine the incident documentation
3) Interview key personnel
4) Assess incident ID and reporting
5) Assess incident classification and prioritization
6) Evaluate response procedures
7) Evaluate communication
7) Assess post incident review
8) Review incident response testing procedures

Question 21

Name a detective control which produces reports to a management station when detecting malicious network activities.

Answer 21

Intrusion Detection System (IDS)

Question 22

Within the layered security approach, each layer where data communications within and across networks are protected can best be defined as

Answer 22

Transmission level security

Question 23

Name a data management control that encrypts data in transit?

Answer 23

Transport Layer Security

Question 24

What should an effective data management process be based on?

Answer 24

Data sensitivity

Question 25

What is the primary purpose of testing change control policies for IT resources?

Answer 25

The primary purpose of testing change control policies is to identify any deviations from expected outcomes and investigate the causes to ensure effectiveness.

Question 26

What is attack-centric modeling

Answer 26

A threat modeling framework that focuses on identifying threats with the greatest chance of success and the security controls for mitigating those threats.