Answer all for a thumbs up!
QUESTION 1
Many jurisdictions require audits by law.
True / False

QUESTION 2
Regarding an intrusion detection system (IDS), stateful matching looks for specific sequences appearing across several packets in a traffic stream rather than just in individual packets.
True / False

QUESTION 3
Regarding log monitoring, false negatives are alerts that seem malicious but are not real security events.
True / False

QUESTION 4
A report indicating that a system’s disk is 80 percent full is a good indication that something is wrong with that system.
True / False

QUESTION 5
Anomaly-based intrusion detection systems compare current activity with stored profiles of normal (expected) activity.
True / False

QUESTION 6
An SOC 1 report is commonly implemented for organizations that must comply with Sarbanes-Oxley (SOX) or the Gramm-Leach-Bliley Act (GLBA).
True / False

QUESTION 7
Performing security testing includes vulnerability testing and penetration testing.
True / False

QUESTION 8
The four main types of logs that you need to keep to support security auditing include event, access, user, and security.
True / False

QUESTION 9
Regarding security controls, the four most common permission levels are poor, permissive, prudent, and paranoid.
True / False

QUESTION 10
During the secure phase of a security review, you review and measure all controls to capture actions and changes on the system.
True / False

QUESTION 11
Gina is preparing to monitor network activity using packet sniffing. Which technology is most likely to interfere with this effort if used on the network?
- Transmission Control Protocol/Internet Protocol (TCP/IP)
- Secure Sockets Layer (SSL)
- Domain Name System (DNS)
- Dynamic Host Configuration Protocol (DHCP)

QUESTION 12
Ricky is reviewing security logs to independently assess security controls. Which security review process is Ricky engaging in?
- Monitor
- Audit
- Improve
- Secure

QUESTION 13
Which item is an auditor least likely to review during a system controls audit?
- Resumes of system administrators
- Incident records
- Application logs
- Penetration test results

QUESTION 14
Isaac is responsible for performing log reviews for his organization in an attempt to identify security issues. He has a massive amount of data to review. What type of tool would best assist him with this work?
- Security information and event management (SIEM)
- Intrusion prevention system (IPS)
- Data loss prevention (DLP)
- Virtual private network (VPN)

QUESTION 15
What is a set of concepts and policies for managing IT infrastructure, development, and operations?
- ISO 27002
- Control Objectives for Information and related Technology (COBIT)
- IT Infrastructure Library (ITIL)
- NIST Cybersecurity Framework (CSF)

QUESTION 16
What is NOT generally a section in an audit report?
- Findings
- System configurations
- Recommendations
- Timeline for Implementation

QUESTION 17
Which intrusion detection system strategy relies upon pattern matching?
- Behavior detection
- Traffic-based detection
- Statistical detection
- Signature detection

QUESTION 18
Fran is conducting a security test of a new application. She does not have any access to the source code or other details of the application she is testing. What type of test is Fran conducting?
- Black-box test
- White-box test
- Grey-box test
- Blue-box test

QUESTION 19
Which security testing activity uses tools that scan for services running on systems?
- Reconnaissance
- Penetration testing
- Network mapping
- Vulnerability testing

QUESTION 20
Anthony is responsible for tuning his organization’s intrusion detection system. He notices that the system reports an intrusion alert each time that an administrator connects to a server using Secure Shell (SSH). What type of error is occurring?
- Remote administration error
- False positive error
- Clipping error
- False negative error

Answer
1) true
2) true
3) false
4) false
5) true
6) true
7) true
8) false
9) true
10) false
11) SSL
12) AUDIT
13) Resume of system administrators
14) SIEM
15) ITIL
16) SYSTEM configuration
17) signature detection
18) black box testing
19) Network mapping
20) false positive error