1. Describe the steps in the information system security audit process.
2. Describe the differences between Black box, White box, and Gray box forms of vulnerability and penetration testing.
3. What are the five steps a team goes through when conducting a penetration test? What are the three degrees of knowledge that a penetration team can have about the target?
4. Discuss any three of the commonly exploited vulnerabilities targeted in penetration tests and the appropriate countermeasures to mitigate them.
5. Discuss the various test types that Operations and Security Departments should carry out to monitor the environment's vulnerability to attack.
6. Define the following KPI terms: factor, measurement, baseline, metric, and indicator. What is the difference between a KPI and KRI?
7. What are the key elements that should be included in a good technical audit report? What should be included to provide senior management a brief overview of the report highlights?