Added: 04.12.2023
ENDTERM
-
How many penetration testing utilities does BlackArch Linux contain?
1359+
600
16
64
-
What is one of the most common types of attack on a website, or rather on any SQL database used by a site?
Exploit
SQL injection+
Debuggers
-
Active audit, in turn, can be conditionally divided into two types. Indicate the types.
They are internal and external audits. Internal audits focus on the current statements about improvements, external audits focus on financial statements.
-
Who developed the CRAMM method?
UK Security Service+
ISACA
-
Active audit is...
study of means to determine compliance with their solutions to information security problems
study the state of the network protection system, the use of which helps a hacker to penetrate the network and cause damage to the company
study of the state of security of an information system from the point of view of a hacker (or some attacker who is highly qualified in the field of information technology)+
-
"Significant loss of tangible assets or significant damage to the company's reputation"
Minor
Moderate
Medium+
High
-
Specify the distribution kit that is used for penetration testing in various web applications
Samurai Web Security Framework
Santoku Linux
DEFT Linux
Network Security Toolkit
-
A computer program, piece of code, or sequence of commands that uses a vulnerability to attack a system.
Exploit+
SQL injection
Debuggers
-
What are programs for finding errors in other programs, operating system kernels, SQL queries and other types of code
Debuggers+
SQL injection
Exploit
-
ISSAF ...
describes the security assessment of firewalls, routers, antivirus systems and more+
focused on pentesting that organizations need, processing, storing and transmitting data about cardholders.
-
What is the security distribution based on - Parrot Security OS?
Debian Linux.+
Ubuntu
ArchLinux.
Gentoo Linux
-
... is one of the first methods of comprehensive testing of information security of an organization.
PCI DSS
OSSTMM+
ISSAF
-
The probability of an attack is approximately equal to 0.5
Very low
Low
Medium+
-
What type of projects does SysTrust belong to?
TrustService Services
Security Services
-
At the last stage of the audit of information security, recommendations are developed to improve the organizational and technical support of protection at the enterprise. Such recommendations include various types of actions aimed at:
minimization of identified risks+
Risk Reduction
Risk avoidance
Changing the nature of the risk
-
The probability of an attack is quite low. Corresponds to the numerical probability interval [0.25, 0.5)
Very low
Low+
Medium
-
In which audit do experts model the actions of an “external” intruder?
external active audit+
internal active audit
-
How is the risk value determined?
Risk = (resource cost * probability of threat): magnitude of vulnerability+
Risk = (resource cost + probability of threat): magnitude of vulnerability
Risk = (resource cost - probability of threat): magnitude of vulnerability
-
Choose an attack probability that matches the description "An attack will almost never be carried out. Corresponds to the numerical interval of the probability [0, 0.25)"
Very low+
Low
Medium
-
In which type of audit are the actions of an “internal” attacker modeled with the help of special software tools?
external active audit
internal active audit+
-
Choose the level of damage suitable for the description "Minor losses of material assets that are quickly restored, or minor consequences for the reputation of the company"
Minor+
Moderate
Medium
High
-
Kali Linux was formerly known as:
BackTrack+
Wireshark
Armitage
Aircrack
-
"Noticeable loss of tangible assets or moderate impact on the company's reputation"
Minor
Moderate+
Medium
High
-
"Large loss of tangible assets and great damage to the company's reputation"
Minor
Moderate
Medium
High+
-
How is the risk value calculated?
Risk(a) = P(a) × Damage(a).+
Risk(a) = Risk(a) × Damage(a).
Risk(a) = P(a) + Damage(a).
Risk(a) = P(a) / Damage(a).
-
The attack will almost certainly be carried out. Corresponds to the numerical probability interval (0.75, 1]
Very low
Low
Medium
High
Very high+
-
The attack is likely to be carried out. Corresponds to the numerical probability interval (0.5, 0.75]
Very low
Low
Medium+
High
-
How many penetration testing utilities does Kali Linux contain?
more than 600 security utilities+
1359
16
64
-
Specify a standard that allows financial auditors to expand the scope of their activities by using a simple and understandable set of requirements for assessing the reliability and security of IS.
SysTrust+
BSI\IT Baseline Protection Manual
ISO 17799: Code of Practice for Information Security Management
ISO 15408: Common Criteria for Information Technology Security Evaluation
-
... focused on pentesting that organizations need, processing, storing and transmitting data about cardholders.
PCI DSS+
OSSTMM
ISSAF
MIDTERM
-
Which organization is the world leader in harmonizing and centralizing IT control practices?
ISACA+
IEEE
ISO
-
What is the main difference between strategic IT audit and other types of IT audit?
necessarily includes an assessment of the TCO of the company's information systems
the ultimate goal of a strategic IT audit is to identify the reasons for the discomfort of the top management of the organization in connection with the use of IT+
a consulting company is required to conduct a strategic IT audit