
Internal Audit day 1 review
Quiz by Cheryl Marie Pilao
Practice Exam A - Questions

Multiple Choice Questions

A6. You've hired a third-party to gather information about your company's servers and data. The third-party will not have direct access to your internal network but can gather information from any other source. Which of the following would BEST describe this approach?
A. Backdoor testing
B. Passive footprinting
C. OS fingerprinting
D. Partially known environment

A7. Which of these protocols use TLS to provide secure communication? (Select TWO)
A. HTTPS
B. SSH
C. FTPS
D. SNMPv2
E. DNSSEC
F. SRTP

A8. Which of these threat actors would be MOST likely to attack systems for direct financial gain?
A. Organized crime
B. Hacktivist
C. Nation state
D. Competitor

A9. A security incident has occurred on a file server. Which of the following data sources should be gathered to address file storage volatility? (Select TWO)
A. Partition data
B. Kernel statistics
C. ROM data
D. Temporary file systems
E. Process table

A10. An IPS at your company has found a sharp increase in traffic from all-in-one printers. After researching, your security team has found a vulnerability associated with these devices that allows the device to be remotely controlled by a third-party. Which category would BEST describe these devices?
A. IoT
B. RTOS
C. MFD
D. SoC

A11. Which of the following standards provides information on privacy and managing PII?
A. ISO 31000
B. ISO 27002
C. ISO 27701
D. ISO 27001

A12. Elizabeth, a security administrator, is concerned about the potential for data exfiltration using external storage drives. Which of the following would be the BEST way to prevent this method of data exfiltration?
A. Create an operating system security policy to prevent the use of removable media
B. Monitor removable media usage in host-based firewall logs
C. Only allow applications that do not use removable media
D. Define a removable media block rule in the UTM

A13. A CISO (Chief Information Security Officer) would like to decrease the response time when addressing security incidents. Unfortunately, the company does not have the budget to hire additional security engineers. Which of the following would assist the CISO with this requirement?
A. ISO 27701
B. PKI
C. IaaS
D. SOAR

A14. An insurance company has created a set of policies to handle data breaches. The security team has been given this set of requirements based on these policies:
• Access records from all devices must be saved and archived
• Any data access outside of normal working hours must be immediately reported
• Data access must only occur inside of the country
• Access logs and audit reports must be created from a single database
Which of the following should be implemented by the security team to meet these requirements? (Select THREE)
A. Restrict login access by IP address and GPS location
B. Require government-issued identification during the onboarding process
C. Add additional password complexity for accounts that access data
D. Conduct monthly permission auditing
E. Consolidate all logs on a SIEM
F. Archive the encryption keys of all disabled accounts
G. Enable time-of-day restrictions on the authentication server

A15. Rodney, a security engineer, is viewing this record from the firewall logs:
UTC 04/05/2018 03:09:15809 AV Gateway Alert 136.127.92.171 80 -> 10.16.10.14 60818 Gateway Anti-Virus Alert: XPACK.A_7854 (Trojan) blocked.
Which of the following can be observed from this log information?
A. The victim's IP address is 136.127.92.171
B. A download was blocked from a web server
C. A botnet DDoS attack was blocked
D. The Trojan was blocked, but the file was not

A16. A user connects to a third-party website and receives this message:
Your connection is not private. NET::ERR_CERT_INVALID
Which of the following attacks would be the MOST likely reason for this message?
A. Brute force
B. DoS
C. On-path
D. Disassociation

A17. Which of the following would be the BEST way to provide a website login using existing credentials from a third-party site?
A. Federation
B. 802.1X
C. PEAP
D. EAP-FAST

A18. A system administrator, Daniel, is working on a contract that will specify a minimum required uptime for a set of Internet-facing firewalls. Daniel needs to know how often the firewall hardware is expected to fail between repairs. Which of the following would BEST describe this information?
A. MTBF
B. RTO
C. MTTR
D. MTTF

A19. An attacker calls into a company's help desk and pretends to be the director of the company's manufacturing department. The attacker states that they have forgotten their password and they need to have the password reset quickly for an important meeting. What kind of attack would BEST describe this phone call?
A. Social engineering
B. Tailgating
C. Watering hole
D. On-path

A20. A security administrator has been using EAP-FAST wireless authentication since the migration from WEP to WPA2. The company's network team now needs to support additional authentication protocols inside of an encrypted tunnel. Which of the following would meet the network team's requirements?
A. EAP-TLS
B. PEAP
C. EAP-TTLS
D. EAP-MSCHAPv2

A21. Which of the following would be commonly provided by a CASB? (Select TWO)
A. List of all internal Windows devices that have not installed the latest security patches
B. List of applications in use
C. Centralized log storage facility
D. List of network outages for the previous month
E. Verification of encrypted data transfers
F. VPN connectivity for remote users

A22. The embedded OS in a company's time clock appliance is configured to reset the file system and reboot when a file system error occurs. On one of the time clocks, this file system error occurs during the startup process and causes the system to constantly reboot. Which of the following BEST describes this issue?
A. DLL injection
B. Resource exhaustion
C. Race condition
D. Weak configuration

A23. A recent audit has found that existing password policies do not include any restrictions on password attempts, and users are not required to periodically change their passwords. Which of the following would correct these policy issues? (Select TWO)
A. Password complexity
B. Password expiration
C. Password history
D. Password lockout
E. Password recovery

A24. What kind of security control is associated with a login banner?
A. Preventive
B. Deterrent
C. Corrective
D. Detective
E. Compensating
F. Physical

A25. A security team has been provided with a noncredentialed vulnerability scan report created by a third-party. Which of the following would they expect to see on this report?
A. A summary of all files with invalid group assignments
B. A list of all unpatched operating system files
C. The version of web server software in use
D. A list of local user accounts

A26. A business manager is documenting a set of steps for processing orders if the primary Internet connection fails. Which of these would BEST describe these steps?
A. Communication plan
B. Continuity of operations
C. Stakeholder management
D. Tabletop exercise

A27. A security administrator is concerned about data exfiltration resulting from the use of malicious phone charging stations. Which of the following would be the BEST way to protect against this threat?
A. USB data blocker
B. Personal firewall
C. MFA
D. FDE

A28. A company would like to protect the data stored on laptops used in the field. Which of the following would be the BEST choice for this requirement?
A. MAC
B. SED
C. CASB
D. SOAR

A29. A file server has a full backup performed each Monday at 1 AM. Incremental backups are performed at 1 AM on Tuesday, Wednesday, Thursday, and Friday. The system administrator needs to perform a full recovery of the file server on Thursday afternoon. How many backup sets would be required to complete the recovery?
A. 2
B. 3
C. 4
D. 1
Module 5: Halal Internal Audit Facilitation (Day 9)
Good day, this is Chris. Today we will be doing a quick walkthrough on ISO 14001:2015 Environmental Management System and its main clauses. Let's get started.

ISO 14001:2015 Environmental Management System is a globally recognized standard for environmental management systems, or EMS. An EMS is a framework that organizations use to manage their environmental impact, comply with regulations and improve their environmental performance. The standard outlines the requirements for an EMS, including the development of an environmental policy, the identification of environmental aspects and impacts, the establishment of objectives and targets, the implementation of operational control, monitoring and measurement systems, and the ongoing review and improvement of the system. ISO 14001 is a flexible standard that can be used by organizations of any size or type, regardless of their environmental impact or level of environmental performance. It provides a practical framework for organizations to manage their environmental impact, reduce environmental risks and demonstrate their commitment to sustainability to their stakeholders.

Here the standard provides a structured approach to develop an EMS, which includes several key steps. One: organizations must develop an environmental policy that outlines their commitment to environmental sustainability. This policy should be communicated to all employees and stakeholders. Two: organizations must identify their environmental aspects and impacts. This involves identifying the activities, products and services that have an impact on the environment, as well as the potential environmental consequences of those impacts. Three: once the environmental aspects and the impacts have been identified, organizations must establish environmental objectives and targets. These objectives and targets should be specific, measurable, achievable, relevant and time-bound. Four: after setting objectives and targets, organizations must implement operational controls and establish monitoring and measurement systems to ensure that they are meeting their objectives and targets. Finally, organizations must review and continually improve their EMS. This involves conducting regular audits, reviewing the EMS to ensure that it remains relevant and effective, and making any necessary changes or improvements.

The main clauses of ISO 14001:2015: apart from its scope, normative references and terms and conditions, the main clauses of ISO 14001:2015 can be listed as context of the organization, leadership, planning, support, operation, performance evaluation and improvement. Clause 4.0, context of the organization, is about understanding the organization and its context, understanding the needs and expectations of the interested parties, determining the scope of the environmental management system (EMS), and the environmental management system itself. Clause 5.0 talks about leadership and commitment, environmental policy, and organizational roles, responsibility and authorities. Clause 6.0, planning, focuses on actions to address risk and opportunities, as well as environmental objectives and planning to achieve them. Clause 7.0, support, has detailed requirements on resources, competence, awareness, communication (that includes external and internal communication) and documented information (that involves creating, updating and control of documented information). Clause 8.0, operation, talks about operational planning and control, as well as emergency preparedness and response. Overall, the design of ISO 14001:2015 provides guidelines to form a system that is structured to cater to the requirements of stakeholder needs and expectations, to drive a life cycle perspective and energy efficiency, as pictured here. Clause 9.0, performance evaluation, provides guidelines for monitoring, measurement, analysis and evaluation, evaluation of compliance, and management review. An additional note here is ISO 19011:2018, guidelines for auditing management systems, which is an audit process that will determine the scope to establish the audit criteria by collecting evidence, evaluating the evidence and then drawing a conclusion based on the findings, as pictured here. Finally, Clause 10.0, improvement, talks about how improvement is an integral factor to an effective environmental management system, through general nonconformity and corrective action, and continual improvement. Talking about improvement, it is always continual, in putting efforts towards the betterment of the existing system. Here is a snapshot of the main clauses of ISO 14001:2015.

I hope you find this video useful. We are industry experts specialized in management system consultancy and industry-relevant corporate training. Give us a call and let us help you drive your business excellence and upskill your employees to elevate workplace efficiency.

CREATE 10 MCQ AND 2 SAQ QUESTIONS BASED ON THE ABOVE PARAGRAPH