Udemy-Domain 6 Flashcards
a security ___ tests existing systems against a published industry standard
Audit
a SOC 2 Type ___ report focuses on the Suitability of control designs
1
a SOC 2 Type ___ report focuses on the Suitability and Effectiveness of controls
2
Pen testing follows these 6 steps:
- Planning
- Reconnaissance
- Scanning
- Vulnerability Assessment
- Exploitation
- Reporting
Pen testing can be done on a ___ environment, but since it is not a perfect copy of our working network, the vulnerabilities will not be the same
DR (Disaster Recovery)
___ is when a modem automatically dials a list of phone numbers hoping to reach another modem
war dialing
___ is driving (or walking) around looking for wireless access points
war driving
___ testing is testing certain sections of code in isolation
unit
___ testing is testing the handling of data passed between units of subsystems within software
component interface
___ is used to test operational readiness of code as part of quality assurance
operational acceptance
___ testing looks for defects in code after a major change has occurred
regression
___ testing is inputting different values into a program to try to break it, then iteratively modifying the values entered depending on the response of the program
mutating fuzzing
___ or ___ testing tries to break a program by inputting examples of data that meet all the possible criteria (upper/lower bounds, valid/invalid, etc.) rather than all possible values
all pairs; pairwise
___ testing attempts to break a program with intentionally malicious data entry a normal user would never consider
misuse case
a ___ examines how much of our code has been tested to make sure there are no significant gaps in testing
test coverage analysis