SCI

Question 1

113. Which audit should be done to address the concern about the length of time the service provider has been in business?

Accepted Answer

SOC1

Answer

SOC2

Answer

SOC3

Answer

Noneoftheabove

Question 2

114. What audit should be done to provide assurance about the availability and confidentiality of the service provider?

Accepted Answer

SOC2

Answer

SOC1

Answer

SOC3

Answer

SOC4

Question 3

115. What type of audit should be done on the service provider?

Accepted Answer

Type II

Answer

Type I

Answer

Type III

Answer

Type IV

Question 4

116. Which trust services principles are most appropriate for the auditor to focus on?

Accepted Answer

Confidentiality and availability

Answer

Processing integrity and privacy

Answer

Privacy and confidentiality

Answer

Security and processing integrity

Question 5

117. List examples of security awareness sources for an awareness program.

Accepted Answer

Posters with reminders to change password

Answer

Job skills development

Answer

Procedures to test a system

Answer

Accreditation of a tested system

Question 6

118. What control is specified in ISO 27002 concerning test data?

Accepted Answer

Test data should avoid containing personally identifiable information(PII)

Answer

Test should not be done in production environments

Answer

Test data are always a clear path to test schemes

Answer

Test data are necessary in DevOps

Question 7

119. Third-party assessments are ________

Accepted Answer

Driven by some regulations

Answer

Too costly

Answer

Slow and ineffective

Answer

Always necessary.

Question 8

120. What is the primary purpose of a negative test?

Accepted Answer

To ensure graceful handling of unexpected input

Answer

To verify the operating power of a system

Answer

Reconcile the identity proofing process

Answer

Allow disparate organizations to share resources

Question 9

121. Interface testing can be used to __________

Accepted Answer

Check and verify if all the interactions between the application and a server are executed properly

Answer

Check the connections between fail-safe and fail-secure

Answer

Run test in a loop till errors are made evident.

Answer

none of the above

Question 10

122. Once code inspection is complete, what kind of software testing occurs?

Accepted Answer

Unit level testing

Answer

User acceptance testing

Answer

Business case testing

Answer

Test sophistication

Question 11

123. Which of the following terms is most associated with the concept of need-to-know?

Accepted Answer

Compartmentalization

Answer

Static testing

Answer

Social engineering

Answer

Non disclosure agreements

Question 12

Which of the following is not true about privileged accounts?

Accepted Answer

They should be granted only for remote access.

Answer

Privileged account holders should be subject to more extensive background checks than regular account holders

Answer

They should be temporary.

Answer

They should be subject to more extensive auditing.

Question 13

125. Which of the following is not a benefit the organization realized from job rotation?

Accepted Answer

Elimination of the possibility of social engineering

Answer

Improved employee morale

Answer

Reduction in single points of failure in staffing

Answer

Aids in detecting internal threats

Question 14

126. In which phase of the information lifecycle is data moved from the production environment into long-term storage?

Accepted Answer

Archive

Answer

Create

Answer

Share

Answer

Store

Question 15

127. What is usually the enforcement mechanism of a service-level agreement (SLA)?

Accepted Answer

Financial penalties

Answer

Incarceration

Answer

Regulatory capture

Answer

Early withdrawal

Question 16

Which of the following is not typically reflected in the asset inventory?

Accepted Answer

The asset size

Answer

The asset owner

Answer

The asset location

Answer

The asset value

Question 17

129. All of the following departments typically will be represented on the Change Management Board (CMB) except:

Accepted Answer

Sales/marketing

Answer

Accounting/finance

Answer

Security office

Answer

The user community

Question 18

130. What should always be included in the patch process?

Accepted Answer

The option to roll back to the last known good system state

Answer

Contacting the patch issuer to seek clarification

Answer

Instant and immediate application of patches to all affected systems

Answer

Regulator notification

Question 19

131_Patches should be tested ________.

Accepted Answer

in a test bed that mimics the production environment

Answer

daily

Answer

only on external, off-premise systems

Answer

in the jurisdiction in which they were issued

Question 20

132._Which of the following is a preventative measure to counter the possibility of lost/stolen media?

Accepted Answer

Secure disposal

Answer

Digital watermarking

Answer

Proper and thorough labeling

Answer

Online tracking mechanisms

SCI

🔥 Quizzes populares

TEST DE MILIPILI

¿Puedes reconocer a Stray Kids por una parte de su cuerpo?

Tincho

TEST DE TURRA

Test para asesinos.

cuantos estandares de belleza cumples en corea del sur

Comentarios · 0