Q1. Which one of the following is not a security testing control?
Vulnerability assessment
Penetration testing
Departmental tests
Denial of service tests
Q2. Access is controlled through a retina scanner for the identification, authentication, and authorization of operators to a data center. A legitimate user was erroneously denied access during a scan. Such errors can be categorized under which one of the following?
False negative
False positive
False rating
True negative
Q3. The effectiveness of a security control is a measure for which one of the following?
Expected outcome of a control action
Efficient process
Security policy
Security procedure
Q4. The collection of security process, test data, and reporting is used to verify what?
Security controls are documented
Employee awareness about security controls
Avoid social engineering attacks
Security policies and procedures are continuously and uniformly applied
Q5. Third-party audits are conducted for what?
Independent review of security
Internal...