31. In what type of attack does the attacker send unauthorized commands directly
Question
31. In what type of attack does the attacker send unauthorized commands directly to a database? A. Cross-site scripting B. SQL injection C. Cross-site request forgery D. Database dumping
32. Ricky is reviewing security logs to independently assess security controls. Which security review process is Ricky engaging in? A. Monitor B. Audit C. Improve D. Secure
33. Christopher is designing a security policy for his organization. He would like to use an approach that allows a reasonable list of activities but does not allow other activities. Which permission level is he planning to use? A. Promiscuous B. Permissive C. Prudent D. Paranoid
34. Jacob is conducting an audit of the security controls at an organization as an independent reviewer. Which question would NOT be part of his audit? A. Is the level of security control suitable for the risk it addresses? B. Is the security control in the right place and working well? C. Is the security control effective in addressing the risk it was designed to address? D. Is the security control likely to become obsolete in the near future?
35. Which item is an auditor least likely to review during a system controls audit? A. Resumes of system administrators B. Incident records C. Application logs D. Penetration test results
36. Which audit data collection method helps ensure that the information-gathering process covers all relevant areas? A. Checklist B. Interviews C. Questionnaires D. Observation
37. Curtis is conducting an audit of an identity management system. Which question is NOT likely to be in the scope of his audit? A. Does the organization have an effective password policy? B. Does the firewall properly block unsolicited network connection attempts? C. Who grants approval for access requests? D. Is the password policy uniformly enforced?
38. What information should an auditor share with the client during an exit interview? A. Draft copy of the audit report B. Final copy of the audit report C. Details on major issues D. The auditor should not share any information with the client at this phase
39. What type of security monitoring tool would be most likely to identify an unauthorized change to a computer system? A. Network IDS B. System integrity monitoring C. CCTV D. Data loss prevention
40. When should an organization's managers have an opportunity to respond to the findings in an audit? A. Managers should write a report after receiving the final audit report. B. Managers should include their responses to the draft audit report in the final audit report. C. Managers should not have an opportunity to respond to audit findings. D. Managers should write a letter to the Board following receipt of the audit report.
41. Which activity is an auditor least likely to conduct during the information-gathering phase of an audit? A. Vulnerability testing B. Report writing C. Penetration testing D. Configuration review
Explanation / Answer
31.
SQL injection is a hacking technique used to attack a database with unauthorized commands. In this type of attack, an attacker sends malicious SQL statements directly to the database in the form of SQL queries.
Hence, the correct choice is B. SQL injection.
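To make the mechanism in the explanation concrete, the following is an added example (not part of the original page) in Python with an in-memory SQLite table of constructed sample data. `login_unsafe` splices user input into the SQL text, so a quote character in the input changes the structure of the statement; `login_safe` uses a parameterised query, where the driver sends the values separately and they are only ever compared as data. The function and table names are assumptions made for the example.

```python
"""Added example (not from the original page): string-built SQL versus a
parameterised query, using an in-memory SQLite database with constructed data."""
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample data: one users table holding a single account.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def login_unsafe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Vulnerable pattern: the input becomes part of the SQL text, so the
    # database parses whatever the caller typed as part of the statement.
    sql = ("SELECT 1 FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Hardened pattern: placeholders keep the statement fixed; the values are
    # bound separately and never interpreted as SQL.
    sql = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def demo() -> dict:
    """Run both login functions on a valid credential pair and on a
    constructed input containing a quote and a SQL comment marker."""
    conn = make_db()
    crafted = "alice' --"  # constructed input, not a real credential
    return {
        "unsafe_valid": login_unsafe(conn, "alice", "correct-horse"),
        "unsafe_crafted": login_unsafe(conn, crafted, "wrong"),
        "safe_valid": login_safe(conn, "alice", "correct-horse"),
        "safe_crafted": login_safe(conn, crafted, "wrong"),
    }


if __name__ == "__main__":
    print(demo())
```

With the string-built query the crafted username turns the rest of the statement into a comment, so the password check disappears and the lookup succeeds; with the parameterised query the same string is compared literally against the `username` column and nothing matches. The defensive rule is the same in every language and driver: keep the SQL text constant and pass user-controlled values as bound parameters.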
32.
The process in which a professional reviews the logs and ensures that the security controls are assessed independently is called the audit process.
Hence, the correct choice is B. audit.
33.
The permission level that allows a reasonable list of activities and prohibits all other activities is called the prudent permission level.
Hence, the correct choice is C. prudent.
34.
The audit process reviews the level of security control, the environment and working of the security controls, and the purpose of each security control with respect to the risk it addresses. The audit process does not review the time period for which the security controls will remain relevant.
Hence, the correct choice is D. is the security control likely to become obsolete in the near future.
35.
The system administrators act as auditors while performing system control, and these auditors already have information about the process of system control.
Hence, the correct choice is A. resumes of system administrators.
36.
The data collection method that is used to collect information and ensures that it covers all the relevant areas is called a checklist.
Hence, the correct choice is A. checklist.
37.
An identity management system is used to manage the identities of individuals and their authentication, increasing security and decreasing cost. The scope of an audit of an identity management system includes the following questions:
· Does the organization have an effective password policy?
· Who grants approval for access requests?
· Is the password policy uniformly enforced?
All of the above questions relate to the identity management system, but question B (does the firewall properly block unsolicited network connection attempts?) is beyond the scope of an identity management system.
Hence, the correct choice is B. does the firewall properly block unsolicited network connection attempts.
38.
The auditor who is interviewing the clients would hold confidential information about the organization, which should not be shared with anyone who is not concerned at any time.
Hence, the correct choice is D. the auditor should not share any information with the client at this phase.
39.
The tool most likely to identify an unauthorized change to a computer system is system integrity monitoring. Professionals use it to monitor the integrity of the system.
Hence, the correct choice is B. system integrity monitoring.
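The following is an added example (not from the original page) of the core operation a system integrity monitor performs: record a SHA-256 baseline of every file under a directory, then re-scan and report files that were modified, added or removed. The `demo` function builds a constructed scenario in a temporary directory; the file names and function names are assumptions made for the example.

```python
"""Added example (not from the original page): a minimal file-integrity
baseline and comparison, the kind of check a system integrity monitor runs."""
import hashlib
import os
import tempfile


def sha256_file(path: str) -> str:
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def baseline(root: str) -> dict:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    result = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            result[os.path.relpath(full, root)] = sha256_file(full)
    return result


def compare(old: dict, new: dict) -> dict:
    """Report differences between an earlier baseline and a fresh scan."""
    return {
        "modified": sorted(p for p in old if p in new and old[p] != new[p]),
        "added": sorted(p for p in new if p not in old),
        "removed": sorted(p for p in old if p not in new),
    }


def demo() -> dict:
    """Constructed scenario: take a baseline, then change one file, add one
    and delete one, and re-scan. Returns the comparison result."""
    with tempfile.TemporaryDirectory() as root:
        for name, body in (("config.ini", b"debug=0\n"), ("notes.txt", b"hi\n")):
            with open(os.path.join(root, name), "wb") as f:
                f.write(body)
        before = baseline(root)
        with open(os.path.join(root, "config.ini"), "wb") as f:
            f.write(b"debug=1\n")          # modified
        with open(os.path.join(root, "extra.bin"), "wb") as f:
            f.write(b"\x00")               # added
        os.remove(os.path.join(root, "notes.txt"))  # removed
        return compare(before, baseline(root))


if __name__ == "__main__":
    print(demo())
```

In a real deployment the baseline is stored somewhere the monitored host cannot silently rewrite (a separate database or a signed file), the scan is scheduled or driven by file-change notifications, and each reported difference is correlated with the change-management record so that an unapproved modification stands out.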
40.
The final audit report should include the responses of the organization's managers to the draft audit report.
Hence, the correct choice is B. managers should include their responses to the draft audit report in the final audit report.
41.
The information gathering phase of an audit includes the following activities:
· Vulnerability testing
· Penetration testing
· Configuration review
The auditor needs to gather some kind of information through all of the above activities, but report writing is not part of the information-gathering phase.
Hence, the correct choice is B. report writing.