Question 26 (1 point) You were asked to read a Wired article on a cybersecurity event that affected a large multi-national company. The company had several control failures. Which of the following corrective controls was inadequate? Question 26 options: Administrative controls were tested and updated. Database backup systems were properly tested and available. Physical access controls were tested and updated. Authentication controls were reviewed and tested.
Added by Jake M.
Step 1
Step 1: Identify the context of the question, which is about a cybersecurity event affecting a large multi-national company and the inadequacy of a specific corrective control. Show more…
Show all steps
Your feedback will help us improve your experience
Breanna Ollech and 91 other AP CS educators are ready to help you.
Ask a new question
Labs
Want to see this concept in action?
Explore this concept interactively to see how it behaves as you change inputs.
Key Concepts
Recommended Videos
33. Which of the following actions provides the IS Auditor with the greatest assurance that certain weaknesses in internal control procedures have been corrected by management? A. Discussing with management the corrective procedures that were implemented to strengthen the internal controls. B. Obtaining a letter of representation from management stating that the weaknesses have been corrected. C. Performing compliance tests and evaluating the adequacy of procedures that were implemented by management to correct the weaknesses. D. Reviewing management's response to the weaknesses in their formal report to the Board of Directors' audit committee. Requests for access to production data should be approved by the: a. data owner. b. security officer. c. programming manager. d. operations manager. 39. Which of the following is MOST important when there is a lack of adequate fire detection and control equipment in the computer areas? a. Adequate fire insurance b. Regular hardware maintenance c. Off-site storage of transaction and master files d. Fully tested backup processing facilities
Breanna O.
Texts: Sally Parr is a social media editor for Bravo Manufacturing, a company which builds ruggedized computer systems for the aerospace and defense industries. Among Sally's duties is monitoring a discussion forum which the company hosts on one of the web servers in its DMZ. Bill Fernley is a web developer and administrator who maintains the company's Internet-facing systems - web server, mail gateway, etc. He works closely with Mike Chambers, a security analyst reporting to the CISO. On Monday morning, Sally is reviewing the weekend's posts on the discussion forum to make sure that any customer questions get answered. When she opens one discussion thread, a browser dialog window pops up, reading "Test - please ignore". She calls Bill to ask whether he is doing any testing, but he says, "No - the system hasn't been patched or updated for over a month". Bill executes an SQL query on the database which backs the discussion forum, in order to get the text of the last week's posts: SELECT post_text FROM forum_posts WHERE post_date BETWEEN '2019-01-18' AND '2019-01-25'; He immediately spots an entry from the previous evening with text that reads: '<script>alert("Test - please ignore");</script>'. Bill reports what he has found to Mike, who must quickly install some kind of compensating control. Which control would be most appropriate? Select one: 1) A packet-filtering firewall 2) A spam filter 3) A web application firewall. Which phase of the cyber intrusion kill chain has the attack reached, according to this evidence? Select one: 1) Weaponize 2) Reconnaissance 3) Deliver.
Akash M.
In this lab, students will create a free account on the Cloud Security Alliance website and download a Top Threats study. Students will be asked to analyze a vulnerability, choose an appropriate control, and perform a little more research to back that selection up with facts. This lab will give students exposure to the Cloud Security Alliance top threat program. Students should go to the CSA page / Knowledge Center / Research Library (Links to an external site.) and create a free account. Sign in and open the following document: Top Threats to Cloud Computing: Deep Dive. Scroll down to the Cloudbleed vulnerability and read the one-page details. Students are to select one of these two categories - Preventative Controls or Detective Controls. Under this category, choose which control you believe to be the most effective and explain why. What to submit in your Lab Report: Vulnerability: Cloudbleed Select one - Preventative or Detective: Most Important Control and Why: Research: Do some research and try to find an example of where your chosen control could have prevented CloudBleed from being impactful.
Recommended Textbooks
Computer Science and Information Technology
Introduction to Programming Using Python
Computer Science - An Overview
Transcript
18,000,000+
Students on Numerade
Trusted by students at 8,000+ universities
Watch the video solution with this free unlock.
EMAIL
PASSWORD