FiltersDone

Question type

Essay

Multiple Choice

Short Answer

True False

Matching

Exam 18: Security Auditing

Show Answer

Share

---

All types

Filters

Study FlashcardsPractice ExamLearn

Question 1

Multiple Choice

Review LaterAdd Note

Review Later

Windows allows the system user to enable auditing in _______ different categories.

A) five
B) seven
C) nine
D) eleven

E) All of the above
F) A) and D)

Correct Answer

verified

Show Answer

Question 2

True/False

Review LaterAdd Note

Review Later

Although important, security auditing is not a key element in computersecurity.

A) True
B) False

Correct Answer

verified

Show Answer

Question 3

True/False

Review LaterAdd Note

The foundation of a security auditing facility is the initial capture ofthe audit data.

A _______ is conducted to determine the adequacy of system controls, ensure compliance with established security policy and procedures, detect breaches in security services, and recommend any changes that are indicated for countermeasures.

Severe messages, such as immediate system shutdown, is a(n) _____ severity.

The basic audit objective is to establish accountability for systementities that initiate or participate in security-relevant events and actions.

_________ is a form of auditing that focuses on the security of an organization's IT assets.

The ________ is a module on a centralized system that collects audit trail records from other systems and creates a combined audit trail.

A _______ is an independent review and examination of a system's records and activities.

Applications, especially applications with a certain level of privilege,present security problems that may not be captured by system-level or user-level auditing data.

______ software is a centralized logging software package similar to, but much more complex than, syslog.

Audit trails are different from audit logs.

Data items to capture for a security audit trail include:

Windows is equipped with three types of event logs: system event log, security event log, and ________ event log.

_________ audit trails are generally used to monitor and optimize system performance.

All UNIX implementations will have the same variants of the syslogfacility.

The ________ is an application or user who examines the audit trail and the audit archives for historical trends, for computer forensic purposes, and for other analysis.

Monitoring areas suggested in ISO 27002 include: authorized access, all privileged operations, unauthorized access attempts, changes to (or attempts to change) system security settings and controls, and __________.

________ audit trail traces the activity of individual users over time and can be used to hold a user accountable for his or her actions.

The ________ is a module that transmits the audit trail records from its local system to the centralized audit trail collector.