QUESTION 1 of 20
113. Which audit should be done to address the concern about the length of time the service provider has been in business?
A) SOC2
B) SOC1
C) SOC3
D) None of the above
QUESTION 2 of 20
114. What audit should be done to provide assurance about the availability and confidentiality of the service provider?
A) SOC1
B) SOC2
C) SOC3
D) SOC4
QUESTION 3 of 20
115. What type of audit should be done on the service provider?
A) Type I
B) Type II
C) Type III
D) Type IV
QUESTION 4 of 20
116. Which trust services principles are most appropriate for the auditor to focus on?
A) Confidentiality and availability
B) Processing integrity and privacy
C) Privacy and confidentiality
D) Security and processing integrity
QUESTION 5 of 20
117. List examples of security awareness sources for an awareness program.
A) Job skills development
B) Posters with reminders to change password
C) Procedures to test a system
D) Accreditation of a tested system
QUESTION 6 of 20
118. What control is specified in ISO 27002 concerning test data?
A) Test should not be done in production environments
B) Test data are always a clear path to test schemes
C) Test data are necessary in DevOps
D) Test data should avoid containing personally identifiable information (PII)
QUESTION 7 of 20
119. Third-party assessments are ________
A) Too costly
B) Slow and ineffective
C) Driven by some regulations
D) Always necessary.
QUESTION 8 of 20
120. What is the primary purpose of a negative test?
A) To verify the operating power of a system
B) To ensure graceful handling of unexpected input
C) Reconcile the identity proofing process
D) Allow disparate organizations to share resources
QUESTION 9 of 20
121. Interface testing can be used to __________
A) Check and verify if all the interactions between the application and a server are executed properly
B) Check the connections between fail-safe and fail-secure
C) Run test in a loop till errors are made evident.
D) None of the above
QUESTION 10 of 20
122. Once code inspection is complete, what kind of software testing occurs?
A) User acceptance testing
B) Business case testing
C) Unit level testing
D) Test sophistication
QUESTION 11 of 20
123. Which of the following terms is most associated with the concept of need-to-know?
A) Static testing
B) Social engineering
C) Compartmentalization
D) Non-disclosure agreements
QUESTION 12 of 20
Which of the following is not true about privileged accounts?
A) Privileged account holders should be subject to more extensive background checks than regular account holders
B) They should be temporary.
C) They should be subject to more extensive auditing.
D) They should be granted only for remote access.
QUESTION 13 of 20
125. Which of the following is not a benefit the organization realized from job rotation?
A) Improved employee morale
B) Reduction in single points of failure in staffing
C) Elimination of the possibility of social engineering
D) Aids in detecting internal threats
QUESTION 14 of 20
126. In which phase of the information lifecycle is data moved from the production environment into long-term storage?
A) Create
B) Share
C) Store
D) Archive
QUESTION 15 of 20
127. What is usually the enforcement mechanism of a service-level agreement (SLA)?
A) Incarceration
B) Regulatory capture
C) Early withdrawal
D) Financial penalties
QUESTION 16 of 20
Which of the following is not typically reflected in the asset inventory?
A) The asset owner
B) The asset size
C) The asset location
D) The asset value
QUESTION 17 of 20
129. All of the following departments typically will be represented on the Change Management Board (CMB) except:
A) Sales/marketing
B) Accounting/finance
C) Security office
D) The user community
QUESTION 18 of 20
130. What should always be included in the patch process?
A) The option to roll back to the last known good system state
B) Contacting the patch issuer to seek clarification
C) Instant and immediate application of patches to all affected systems
D) Regulator notification
QUESTION 19 of 20
131. Patches should be tested ________.
A) daily
B) in a test bed that mimics the production environment
C) only on external, off-premise systems
D) in the jurisdiction in which they were issued
QUESTION 20 of 20
132. Which of the following is a preventative measure to counter the possibility of lost/stolen media?
A) Digital watermarking
B) Proper and thorough labeling
C) Online tracking mechanisms
D) Secure disposal