In the OSI model, the layer that manages complete data transfer by providing end-to-end communication control, sequencing, & error checking is called ___.

A VPN uses public key for __.
Answer: Establishing Sessions

Wireshark is used to __.
Answer: Inspect Packets

OWASP ZAP is used for __.
Answer: Test Site Vulnerability

Nmap is used for __.
Answer: Map Network Structure

A tool to test end-to-end connection is __.
Answer: Ping

Which is incorrect about application & general controls?
A. Application controls deals with specific systems or applications. Relevant to access, input, processing, and output.
B. General Controls deals with the organization, ensuring that information systems are reliable and that behavior can be predicted
C. General controls enhance data confidentiality
D. Application control enhances system availability
Answer: D. Application controls do not enhance system availability.

Data quality includes all of the following except __.
A. Accuracy
B. Validity
C. Completeness
D. Variety
Answer: D. Variety

All of the following can be applied for application control except __.
A. Input Control
B. Environmental Control
C. Authentication
D. Log Analysis
Answer: B. Environmental Control

General controls include all of the following except __.
A. Input Control
B. Disaster Recovery
C. Physical Control
D. User Training
Answer: A. Input Control

Which of the following is not included in logical access control?
A. Administration
B. Password Administration in System Settings
C. Log Management and Analysis
D. All the Above are Logical Access Controls
Answer: D. All are logical access controls

Which of the following is not a good practice in user ID management?
A. Each user gets a different ID for different systems
B. The format of user IDs is standardized
C. Guest accounts should be disabled
D. User IDs should be logged out automatically if no activity has occurred for a period of time
Answer: A. Each user gets a different ID for different systems

Which of the following practices about initial passwords should be prevented?
A. Initial password should be generated by the system or the system administrator
B. Users should be forced to change the password on initial login
C. Initial password can be used until the next scheduled password change
D. User ID and initial password should be communicated in a controlled manner
Answer: C. Initial password can be used until the next scheduled password change

Which of the following is the most restrictive in terms of logical access control?
A. Mandatory Access Controls (MAC)
B. Discretionary Access Control (DAC)
C. Role-Based Access Control (RBAC)
D. Rule-Based Access Control
Answer: A. Mandatory Access Controls (MAC)

An access control list (ACL) is used for __.
Answer: Discretionary Access Control

What events should be logged on a computer system?
A. Log on/off
B. Log on success/fail
C. Privilege escalation
D. All the above should be logged
Answer: D. All should be logged

In logical access control, if a condition for access is not explicitly met, then it should be __.
Answer: Denied

Authorization controls include all of the following except __.
A. ACL
B. Least Privilege
C. Privilege Escalation
D. Prevention of Bypassing Authorizations
Answer: Privilege Escalation

The design, implementation & maintenance of countermeasures that protect physical resources of an organization is called __.
Answer: Physical Access Control

All of the following can be used to control the environment of a data center except __.
A. Fire Control
B. Water Control
C. UPS
D. Sprinkler
Answer: D. Sprinklers

Which of the following statements about air gapping is correct?
A. Air gapping adds physical distance between computer networks
B. Air gapping isolates computer networks from each other
C. Air gapping protects against advertent transmission
D. All of the above are correct
Answer: B. Air gapping isolates computer networks from each other

The application of sociological principles to solve technological or engineering problems is called __.
Answer: Social Engineering

Which of the following is not an example of social engineering skills?
A. Making it personal
B. Logical deduction
C. Brute-force
D. Preloading
Answer: C. Brute-Force

Apache, nginx, & Internet Information Service (IIS) are examples of __.
Answer: Web Server Software

IBM WebSphere & Oracle WebLogic are examples of __.
Answer: Application Server Software

All of the following can increase web session security except __.
A. Use SSL or other encryption methods for session management
B. Use cookies on a password-protected computer
C. Encrypt the contents of the cookies
D. Avoid storing authentication credentials in cookies
Answer: B. Use cookies on a password-protected computer

Error handling can cause web security risk because it __.
Answer: Reveals the web application used to process the data

Requirements for successful outsourcing include all of the following except __.
A. Fully trust the service provided and minimize the need for service auditing
B. Data privacy issues need to be considered
C. Define how work will be initiated, transferred, and received from the third party
D. Use of standard consistent with the client company
Answer: A. Fully trust the service provided & minimize the need for service auditing

Risks of outsourcing include all of the following except __.
A. Supplier Stability
B. Geopolitical risk
C. Intellectual property issues
D. Service availability
Answer: D. Service Availability

Report on controls at a service organization relevant to user entities' internal control over financial reporting as of the time of the review is __.
Answer: SOC 1, Type 1

Report on 1+ trust services categories included in the AICPA 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, & Privacy (TSP 100), at the time of the review, is the __.
Answer: SOC 2, Type 2

Student Loan Processor is a candidate for __ report.
Answer: SOC 1

The TSP includes criteria in 5 key categories, including all of the following except __.
A. Privacy
B. Functionality
C. Availability
D. Security
Answer: B. Functionality

The ability of an organization to maintain essential functions during, as well as after, a disaster has occurred is called __.
Answer: Business Continuity

A process to evaluate & determine the potential effects of an interruption of services to critical business operations as the result of a disaster, accident, or emergency is called __.
Answer: Business Impact Assessment (BIA)

How long can the organization go without the operation being online or as intended is called __.
Answer: Recovery Time Objectives (RTO)

How far back does the process, application or system need to be recovered to support normal operations is called __.
Answer: Recovery Point Objectives (RPO)