Information Security Controls Quiz

ToughestAstrophysics

30 Questions

What type of control is a Computer Incident Response Team (CIRT)?

Response

What is the primary function of authorization?

Restricting access to system resources

What is the goal of containment in an incident response process?

To prevent further damage from the incident

What is the first step in the attack process used by criminals?

Learn as much as possible about the target and its vulnerabilities

What is the primary function of a demilitarized zone (DMZ)?

To provide a separate network for controlled access to internal systems

What is not a basic step in an incident response process?

Patch management

What is the primary purpose of identifying controls in a risk assessment?

To mitigate or reduce risk

A company is considering implementing two control procedures to deal with an identified threat. What should be the primary consideration in deciding which control to implement?

The cost of implementing the control

What is the type of computer attack that encrypts data and demands payment in exchange for the decryption key?

ransomware

What is the concept of defense-in-depth?

Implementing multiple layers of security controls

What is the term for a computer attack that captures data from information items as it travels over networks?

packet sniffers

What is the primary purpose of continuous monitoring?

To detect security incidents

Which type of computer attack steals contact lists, images, and other data using Bluetooth?

bluesnarfing

What is the purpose of verifying the validity of credit or debit card numbers during an online transaction?

preventive controls

What should be the primary concern of information security?

Protecting confidentiality, integrity, and availability of information resources

What is the primary consideration for a managerial concern in information security?

Security policies and procedures

What is the key principle of the COBIT 5 framework?

ensuring an approach where governance is effectively managed

What is the term for a type of attack that takes place when you leave your phone's Bluetooth setting as discoverable and someone takes control of your phone and connects it to the Internet?

bluebugging

What is the purpose of aligning with other standards at a low level?

To create a comprehensive framework for IT governance and management

What is the primary focus of control activities in COSO's internal control model?

Control activities performed at the management level

What is the structure of the ERM model developed by COSO?

A rigid three-dimensional structure with four fixed management objectives

How does the ERM framework compare to the IC framework?

The ERM framework is more comprehensive than the IC framework

Which type of control is superior to others?

There is no superior type of control

What can assist management in reconciling the conflict between creativity and control?

Implementing a belief system that describes how a company creates value

According to best practices, why should emergency changes be documented?

To maintain a record of changes made

What is the purpose of change controls?

To segregate duties and maintain adequate controls

What is the most effective way for a firewall to protect the perimeter?

All of the above are equally effective

What is the primary risk associated with allowing employees to use personal portable devices to access corporate networks?

Employees may not consider security when using their devices

What is the term for modifying default configurations to turn off unnecessary programs and features to improve security?

Hardening

What is the term for a decoy system used to provide early warning that an insider or outsider is attempting to search for confidential information?

Honeypot

Test your knowledge of different types of security controls, including response, protection, and restriction controls. Identify the correct control procedures and their functions in information security.
