26 Cards in this Set

What is an audit?

An audit is a systematic way of evaluating and testing the people, processes, systems, and data within an information system.

Internal vs External Audits

Internal audits allow the organization to be more agile in its assessment efforts, while external auditors generally have seen and tested many more systems in different organizations.

The SOC 1, 2, 3 audits are used to evaluate service organizations. What is the difference between the three?

SOC 1 evaluates financial controls. SOC 2 focuses on security, availability, confidentiality, processing integrity, and privacy.

SOC 3 covers the same areas as SOC 2, but it is allowed to be released to the public because it doesn't include the details of the report.

Vulnerability Testing

It is point-in-time testing of controls, systems, and people that evaluates the security posture of an environment.

Vulnerability testing can be used to test three areas, what are they?

Personnel, physical space, and system and network testing.

Name the 3 colors used to describe how much prior knowledge of the system in question is known before conducting a vulnerability or penetration test.

Black box: the tester knows nothing; used to simulate outsider attacks.

White box: the tester knows everything; used to simulate an insider attacker.

Grey box: the tester is somewhere in the middle of the previous two approaches.

What is penetration testing?

The process of an outsider and an organization's leaders teaming up to simulate an attack on a network, system or application to understand its weaknesses.

When conducting a pen test, what is the five-step process?

1. Discovery of the target footprint.

2. Enumeration: port scanning and resource identification methods.

3. Mapping out vulnerabilities.

4. Attempting to exploit the vulnerabilities.

5. Reporting to management: documentation of the test findings.

What is a blind test for?

A blind test is one in which the assessors only have publicly available data to work with, but the network group doesn't know the test is taking place.

What is the double blind test in regards to pen testing?

It's also a blind test, but it doesn't allow the network professionals to be aware that the testing is taking place.

What are targeted tests in regards to pen testing?

Targeted tests are tests that are focused on finding vulnerabilities in a specific system, application, or network.

What is war dialing?

War dialing is an attacker's attempt to enter a phone or fax system by calling random blocks of numbers to locate a modem.

What is the difference between a kernel flaw and a buffer overflow?

A kernel flaw is when an attacker takes advantage of a vulnerability deep inside the operating system. A buffer overflow is when an attacker takes advantage of poor programming by sending data beyond the capacity an application has allocated, causing the application to execute code that the attacker has inserted into the program.

What is the difference between a symbolic link attack and a file descriptor attack?

A symbolic link attack applies to Unix or Linux and allows the attacker to compromise the link itself. A file descriptor attack comes into play when an attacker takes advantage of the numbering system used to represent the open files in a process.

What are file and directory permission vulnerabilities?

They are when files and directories aren't protected against unauthorized access.

What is significant about time in regards to log reviews?

Time should be the same (synchronized) across an organization so that, during an incident investigation, the timing of events is as accurate as possible.

What are some ways to prevent log tampering?

1. Move the logs to a remote location.

2. Allow only one communication path to the log location.

3. Store the logs in more than one location.

4. Use write-once media.

5. Use cryptographic hash chaining.

What is a synthetic transaction vs. real user monitoring?

Real user monitoring observes transactions performed by an actual user of the system, while a synthetic transaction is a written script acting as a user.

Which comes first, the use case or the misuse case?

The use case comes first, and the misuse case is created out of it.

Interface testing

Boundary conditions

Integration testing

Interface testing should be done at both good and bad exchange points to ensure they perform properly. Boundary conditions are the points between a good exchange and a bad exchange. Integration testing checks how two applications, or parts of a system, interact with one another.

Account Management

-Adding a user account: the AUP (acceptable use policy) is important during this step

-Modifying account roles or access: it is important not to default to the highest levels of control; instead, allow control only where it is required

-Suspending a user account: deleting the account should be in accordance with the data retention plan

What is the least often you should complete DR drills and exercises?

At least annually.

Should protection of life be handled before protection of computers in the event of an emergency?

Yes

What is social engineering?

It is the practice of manipulating company personnel to violate security protocol.

What is pretexting?

It is the practice of creating a believable situation to manipulate someone into violating security.

A good technical audit report has what key elements?

-names the threats


-names the vulnerabilities


-probability of exploitation


-impact of exploitation


-recommended actions