
52     Chapter 1 • General Security Concepts: Access Control, Authentication, and Auditing

                  A. System logging in order to capture events similar to this in the future

                  B. Segmentation of duties to prevent a teller from issuing and authorizing a
                      credit
                  C. System scanning in order to test other areas of the software for
                      vulnerabilities similar to this
                  D. Log analysis to ensure that future events like this are flagged for follow-up.

              10. As an administrator for a large corporation, you take your job very seriously
                  and go through all of the systems’ log data daily. While going through the
                  fortieth log of the day, you decide that you’re spending too much time skipping
                  over meaningless information to get to the few chunks of data that you can
                  do something with. Which of the following options should you consider to
                  reduce the amount of effort required on your part without compromising the
                  overall security of the environment?
                  A. Reduce the frequency of system scans so that fewer logs are generated

                  B. Tune the logging policy so that only important events are captured
                  C. Write logs less frequently to reduce the amount of log data
                  D. Use segmentation of duties to move analysis of the log files to other team
                      members with more time

              11. You have a variety of tools available to you as a security administrator that
                  help with your security efforts. Some of these tools are tools created to
                  perform penetration testing or “pen testing.” Based on your experience, what is
                  the best use of these tools in your role as a security administrator?
                  A. Break through a system’s security to determine how to best protect it

                  B. Test a system’s response to various attack scenarios
                  C. Check compliance of a system against desktop security policies
                  D. Determine a logging policy to use which ensures the capture of log data
                      for recent attack types

              12. You are performing an audit to attempt to track down an intruder that
                  managed to access a system on your network. You suspect that the intruder may
                  have been a former employee who had intimate knowledge of the IT
                  infrastructure. As part of your audit, which of the following would you consider
                  crucial to tracking the intruder?




          www.syngress.com