Question
SOC 2 reports are created for internal and other authorized stakeholders and are commonly implemented for service providers, hosted data centers, and managed cloud computing providers.
True
False
In security testing data collection, observation is the input used to differentiate between paper procedures and the way the job is really done.
True
False
Committee of Sponsoring Organizations (COSO) is a set of best practices for IT management.
True
False
A report indicating that a system's disk is 80 percent full is a good indication that something is wrong with that system.
True
False
Regarding log monitoring, false negatives are alerts that seem malicious but are not real security events.
True
False
Data loss prevention (DLP) uses business rules to classify sensitive information to prevent unauthorized end users from sharing it.
True
False
Regarding an intrusion detection system (IDS), stateful matching looks for specific sequences appearing across several packets in a traffic stream rather than just in individual packets.
True
False
Which regulatory standard would NOT require audits of companies in the United States?
Sarbanes-Oxley Act (SOX)
Personal Information Protection and Electronic Documents Act (PIPEDA)
Health Insurance Portability and Accountability Act (HIPAA)
Payment Card Industry Data Security Standard (PCI DSS)
In security testing, reconnaissance involves reviewing a system to learn as much as possible about the organization, its systems, and its networks.
True
False