Question 1 (5 points) A company needs to conduct testing of technical controls as part of an IT Security Audit. Which of the following types of testing allows the auditor to have full knowledge of the internals for the system(s) under test at the time t
Here are the suggested answers to your questions based on the information provided and common knowledge in the field of IT and cybersecurity:
**Question 1:**
**Answer: White box testing**
White box testing allows the auditor to have complete knowledge of the internal structure, design, and implementation of the system being tested.
---
**Question 2:**
**Answer: None of the listed choices are correct.**
For high-speed, high-volume transmission of video data, protocols like RTP (Real-time Transport Protocol) or UDP (User Datagram Protocol) are often preferred, although these specific options were not listed.
---
**Question 3:**
**Answer: EAL4**
EAL4 provides a level of analysis that includes semi-formal verification of design and testing, which is suitable for CPUs and APUs.
---
**Question 4:**
**Answer: Develop and adopt formal procedures defining the processes used to manage software development.**
To progress from CMMI Level 1 to Level 3, it is important to establish formal procedures.
---
**Question 5:**
**Answer: Adding perimeter defenses such as firewalls to limit network access.**
This is often the most practical initial strategy for enhancing security without significant changes to legacy applications.
---
**Question 6:**
**Answer: Accuracy with respect to identifying and preventing incidents that could result in sensitive data being disclosed or released to unauthorized individuals.**
Accuracy in identifying and preventing sensitive data exposure is crucial in DLP tools.
---
**Question 7:**
**Answer: FTP, Application Layer**
FTP is a network protocol that operates at the Application Layer and can have vulnerabilities exploited by attacks targeting file servers.
---
**Question 8:**
**Answer: Wireless need extra security measures to prevent eavesdropping. Wired networks have security built in.**
Wireless networks inherently have security challenges that typically require additional measures compared to wired networks.
---
**Question 9:**
**Answer: Comprehensive and complete lists of jobs (roles) and duties (job descriptions) that include information access needs.**
This documentation aids in justifying access management in compliance with least privilege and separation of duties principles.
---
**Question 10:**
**Answer: Data Loss Prevention (DLP) system**
A DLP system is specifically designed to prevent unauthorized access to sensitive data.
---
**Question 11:**
**Answer: Implement Wireless Equivalent Privacy plus digital certificates to authenticate devices to the wireless networks.**
This would enhance security for wireless networks by adding authentication layers.
---
**Question 12:**
**Answer: All of the listed choices are required.**
All these components are essential for effective Enterprise Identity Management.
---
**Question 13:**
**Answer: Source Code Repository with Version Control**
This tool provides essential security for managing and protecting source code among development team members.
---
**Question 14:**
**Answer: Privacy is about the individual's control over sensitive information pertaining to the individual; security is about the methods used to provide control over information.**
This choice accurately captures the essence of both concepts.
---
**Question 15:**
**Answer: SCADA as a Service**
This option would be best suited for supporting SCADA systems in a cloud environment.
---
**Question 16:**
**Answer: Exploitation**
Exploitation occurs after the payload is delivered to the target system.
---
**Question 17:**
**Answer: Connecting an existing vulnerability to a feasible attack and a threat capable of executing that attack.**
This definition succinctly captures the purpose of threat modeling.
---
**Question 18:**
**Answer: Integrated Product Team**
This type of team collaborates across functions for software improvement.
---
**Question 19:**
**Answer: Uncertainty of costs of assets.**
This is generally not a goal of risk analysis, as it focuses on threats and probabilities rather than costs specifically.
---
**Question 20:**
**Answer: Integrity could be compromised by an attacker and go undetected for extended periods of time.**
This is a significant threat as compromised backups can go unnoticed, leading to severe data losses.
---
I hope this helps! Let me know if you have any further questions.