ISC2 Practice Exam Questions And Answers With Complete Solutions 100% Correct | 2024.

ISC2 Practice Exam Questions And Answers With Complete Solutions 100% Correct | 2024. Replaced SAS 70 in 2011 SSAE 16 - Statement on Standards for Attestation Engagements (SSAE) No. 16 created SAS 70, a standard used until 2011 AICPA - american institute of certified public accountants Sarbanes-Oxley Act of 2002 instigated the move from SAS 70 SOC reports Service Organization Control Reports SSAE 16 the standard used for a SOC 1 report Readers of SOC 1 reports could include financial executives at a user organization, compliance officers, and financial auditors of the service organization. TSC AICPA's Trust Services Criteria tests the controls for effectiveness A SOC 2 Type 2 audit the result of the auditor ensuring the controls are in place and well-designed SOC 2 Type 1 A Soc 3 Same information as a Soc 2 report. Intended for a general audience. Merchants with over 6 million transactions a year, across all channels or any merchant that has had a data breach are in this category PCI DSS level 1 US PII law regarding the government itself Privacy Act US PII law regarding medical providers HIPAA US PII law regarding financial and insurance vendors GLBA for distributing data with less chance of quality loss CDN arranges data as objects in a structured hierarchy Object storage should make a data set more secure and decrease the chance of unauthorized access Bit-splitting Volume-storage encryption any outsider (that is, a person who does not have access to the volume OS) will be able to steal only encrypted data suggested as possible masking techniques random substitution, algorithmic substitution, deletion the trait that allows DRM protection to follow protected files wherever they might be stored/copied Persistence "Processing," in a PII context any manipulation of the data, to include securing or destroying it, in electronic or hard-copy form involves encrypting the data before it enters the fields of the database; it is much more difficult to search and review data that has been encrypted, making stuff like search, indexing more difficult Application-level encryption It is not included in the CSA CCM. The DMCA deals with intellectual property and not specifically with personal privacy. the practice of having sufficient data to replace a lost chunk in data dispersion, protecting against the possibility of a device failing while it holds a given chunk; parity bits serve the same purpose in the legacy RAID configuration Erasure coding also referred to as egress monitoring DLP the automated injection of breached username/password pairs from a website breach or password dump site Credential stuffing only provides information about financial reporting mechanisms of the target. While this information may be of little use to the IT security professional, it may be of great use to potential investors, if for nothing other than providing some assurance that reporting is valid and believable. SOC 1 report only describes IT security controls designed by the target but not how effectively those controls function. While of some interest to the IT security professional, this is of little interest to the investor SOC 2, Type 1 report will provide details on IT security controls used by the target and how well those controls function. While of great interest to the IT security professional, this is of little interest to the investor The SOC 2, Type 2 report is only an attestation that the target was audited and that it passed the audit, without detail SOC 3 report due care the minimal level of effort necessary to perform your duty to others Due diligence any activity taken in support or furtherance of due care where the third party acts on behalf of the member organizations, reviewing each to ensure that they are all acceptable to the others proxy federation model ENISA includes "_________________" as a defining trait of cloud computing. This is not included in the definition published by (ISC)2 (or by NIST). programmatic management NIST's definition of cloud carrier an intermediary that provides connectivity and transport of cloud services from Cloud Providers to Cloud Consumers a term associated with Kerberos single sign-on systems TGT if one tenant can influence another's resources that is considered _________