Security Assessment and Testing Flashcards
What is the most important step of planning a security audit?
Setting a clear set of goals.
SOC 1 pertains to financial controls (controls at a service organization relevant to a customer's financial reporting). What does SOC stand for?
Service Organization Controls (the AICPA has since renamed the framework "System and Organization Controls"; the abbreviation and report numbering are unchanged).
SOC 2 is a very detailed report that pertains to the trust services criteria (Security, Availability, Processing Integrity, Confidentiality, and Privacy). Is it intended for publication to the general public?
No. SOC 2 is a restricted-use report for customers and their auditors; SOC 3 is the general-use summary meant for public distribution.
You want a non-intrusive test of your security by a third party that doesn’t know your network at all. What kind do you want?
A. White Box Penetration Test
B. Black Box Penetration Test
C. White Box Vulnerability Test
D. Black Box Vulnerability Test
D. Non-intrusive (no exploitation of what is found) means a vulnerability test, not a penetration test; a tester with no knowledge of the network is black box.
You want a thorough test of your security by a third party that knows your network a little, but not completely. Your internal security team will not be aware of the testing. What kind do you want?
A. Black Box Penetration Test, Blind Test
B. Grey Box Penetration Test, Double Blind Test
C. Grey Box Vulnerability Test, Double Blind Test
D. White Box Vulnerability Test, Blind Test
B. Partial knowledge of the network is grey box; a thorough test that goes on to exploit findings is a penetration test; and a test the internal security team is not told about is double blind (aka stealth assessment), which also exercises the defenders' detection and response.
You want a thorough test of your security by a third party that knows only publicly available data. Your internal security team will be aware of the testing. What kind do you want?
A. Double Blind Test
B. Blind Test
C. Grey Box
D. White Box
B. A tester limited to publicly available data is blind; because the defenders know the test is happening it is single blind, not double blind.
These are scripted events that mimic the behaviors of real users and allow security professionals to systematically test the performance of critical services.
Synthetic transactions
think INTERMAPPER
The systematic testing of a given set of exchange points for data between systems and/or users.
A. Code Review
B. Log Review
C. Interface Testing
D. Management Review
C
___________ measure the risk inherent in performing a given action or set of actions.
KRI
Key Risk Indicators
A formal meeting to determine whether the information security management systems are effectively accomplishing their goal.
A. Code Review
B. Log Review
C. Interface Testing
D. Management Review
D
Which of the following is not a good step to take to prevent log tampering?
A. Replication
B. Cryptographic hash chaining
C. Remote Logging
D. Write Once Media
E. Duplex communication
E. Duplex communication is only a property of the link and does nothing for log integrity. Replication, remote logging and write-once media each keep a copy the attacker on the logging host cannot silently alter, and hash chaining makes any edit, deletion or reordering of earlier entries detectable.
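To make option B concrete, the following is an added example (not part of the original flashcards) of hash chaining over log records: each entry commits to the SHA-256 hash of the previous entry, so editing, deleting or reordering an entry breaks every hash after it. The log records, the fixed GENESIS anchor and the function names are all constructed for this example. It also shows the caveat a practitioner needs: a hash chain alone does not catch truncation of the tail or a full recompute by an attacker who can write the log file, which is why the chain head has to be anchored out of reach (remote logging or write-once media, options C and D).

```python
"""Hash-chained log entries: each entry commits to the previous entry's hash,
so modifying, deleting or reordering an entry breaks every hash after it."""
import hashlib
import hmac
import json

GENESIS = "0" * 64  # constructed fixed anchor for the first entry


def canonical(record: dict) -> str:
    # Deterministic serialisation so the same record always hashes the same way.
    return json.dumps(record, sort_keys=True, separators=(",", ":"))


def entry_hash(prev_hash: str, record: dict) -> str:
    data = (prev_hash + "\n" + canonical(record)).encode("utf-8")
    return hashlib.sha256(data).hexdigest()


def build_chain(records):
    """Append records one at a time, chaining each to the previous hash."""
    chain, prev = [], GENESIS
    for record in records:
        h = entry_hash(prev, record)
        chain.append({"record": dict(record), "prev": prev, "hash": h})
        prev = h
    return chain


def verify_chain(chain, expected_head=None):
    """Return (ok, index). index is the first entry that fails verification, or
    len(chain) if the chain is internally consistent but its head does not match
    expected_head (a copy of the last hash kept out of the attacker's reach)."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev"] != prev:
            return False, i
        if not hmac.compare_digest(entry_hash(prev, entry["record"]), entry["hash"]):
            return False, i
        prev = entry["hash"]
    if expected_head is not None and not hmac.compare_digest(prev, expected_head):
        return False, len(chain)
    return True, None


# Constructed sample log records (not taken from any real system).
SAMPLE_RECORDS = [
    {"ts": "2024-01-01T10:00:00Z", "user": "alice", "event": "login", "result": "ok"},
    {"ts": "2024-01-01T10:05:12Z", "user": "alice", "event": "sudo", "cmd": "cat /etc/shadow"},
    {"ts": "2024-01-01T10:05:30Z", "user": "alice", "event": "logout", "result": "ok"},
]


def scenarios():
    """Run the tampering scenarios against the sample chain and report each verdict."""
    chain = build_chain(SAMPLE_RECORDS)
    head = chain[-1]["hash"]  # what remote logging / write-once media would preserve
    results = {"intact": verify_chain(chain, head)}

    # 1. Edit the incriminating record in place: hash of entry 1 no longer matches.
    edited = build_chain(SAMPLE_RECORDS)
    edited[1]["record"]["cmd"] = "ls"
    results["edited"] = verify_chain(edited, head)

    # 2. Delete entry 1: entry 2's prev pointer no longer matches entry 0's hash.
    deleted = build_chain(SAMPLE_RECORDS)
    del deleted[1]
    results["deleted"] = verify_chain(deleted, head)

    # 3. Truncate the tail: internally consistent, only the anchored head catches it.
    truncated = build_chain(SAMPLE_RECORDS)[:2]
    results["truncated_no_anchor"] = verify_chain(truncated)
    results["truncated_anchored"] = verify_chain(truncated, head)

    # 4. Rewrite everything: an attacker with write access recomputes the whole
    #    chain without the sudo entry; again only the anchored head catches it.
    rewritten = build_chain([SAMPLE_RECORDS[0], SAMPLE_RECORDS[2]])
    results["rewritten_no_anchor"] = verify_chain(rewritten)
    results["rewritten_anchored"] = verify_chain(rewritten, head)
    return results


if __name__ == "__main__":
    for name, (ok, idx) in scenarios().items():
        print(f"{name:22s} ok={ok} first_bad_index={idx}")
```

The two "no_anchor" scenarios pass verification even though the log has been tampered with, which is the point of the card: hash chaining detects changes inside the chain, but the head hash must also be replicated, shipped to a remote log server, or written to WORM media, or an attacker who controls the logging host can simply rebuild the chain.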
The process of teaching a set of security skills that will allow people to perform specific functions better.
Security Training
The process of exposing people to security issues so that they may be able to recognize them and better respond to them.
Security Awareness Training
Social Engineering through a digital form
phishing
A use case written from the attacker's perspective that includes threat actors and the tasks they want to perform on the system.
misuse case