Question:
1. Which of the following is a deterrent control?
A. “Authorized Personnel Only” sign
B. Backups
C. User training
D. Log monitoring
2. Which of the following is an operational control?
A. Security awareness and training
B. Vulnerability assessment
C. Antivirus software
D. Encryption
3. Which of the following is a compensating control?
A. Change management
B. Security audits
C. Network Access Control (NAC)
D. Cable locks
4. Which of the following is a preventative control?
A. Cable locks
B. Change management
C. Security audits
D. Disaster recovery sites
5. Which of the following is a technical control?
A. Security awareness and training
B. Vulnerability assessment
C. Encryption
D. Media protection
6. Which of the following is a managerial control?
A. Antivirus software
B. Encryption
C. Security awareness and training
D. Vulnerability assessment
7. Which of the following is a deterrent control?
A. Change management
B. Cable locks
C. Disaster recovery sites
D. Security audits
8. Which of the following is an operational control?
A. Incident response plan
B. IPS (intrusion prevention system)
C. Physical protection
D. Firewalls
9. Which of the following is a technical control?
A. Security guards
B. Antivirus software
C. Standard Operating Procedures (SOP)
D. Security awareness and training
10. Which of the following is an operational control?
A. IDS (intrusion detection system)
B. Configuration management
C. Penetration (pen) tests
D. Encryption
Auditing: A Risk-Based Approach to Conducting a Quality Audit
ISBN: 978-1133939153
9th edition
Authors: Karla Johnstone, Audrey Gramling, Larry Rittenberg