766 Appendix • Self Test Appendix
A. System logging in order to capture events similar to this in the future
B. Segmentation of duties to prevent a teller from issuing and authorizing a credit
C. System scanning in order to test other areas of the software for vulnerabilities similar to this
D. Log analysis to ensure that future events like this are flagged for follow-up.
B. Changing the security policy around the area of segmentation of duties would prevent a teller from performing this action in the future. In addition, the change in policy would prevent future incidents of the same type from occurring or at least make it more difficult.
Answer A is incorrect because logging the event will not prevent it from occurring. It is better to prevent something from happening rather than see that it has happened. Answer C is incorrect because it does not have any action that prevents this problem from occurring. The administrator would then know where the potential problems are, but she would not have performed any preventative measures. Answer D is incorrect because it also does nothing to prevent the problem from occurring again. While adding better logging and analysis are good ideas going forward, the focus should be on the immediate problem of preventing a user from performing both parts of a sensitive operation.
10. As an administrator for a large corporation, you take your job very seriously and go through all of the systems’ log data daily. While going through the fortieth log of the day, you decide that you’re spending too much time skipping over meaningless information to get to the few chunks of data that you can do something with. Which of the following options should you consider to reduce the amount of effort required on your part without compromising the overall security of the environment?
A. Reduce the frequency of system scans so that fewer logs are generated
B. Tune the logging policy so that only important events are captured
C. Write logs less frequently to reduce the amount of log data
D. Use segmentation of duties to move analysis of the log files to other team members with more time
B. Tuning the logging policy so that only important events are captured is the best method to reduce the amount of effort while maintaining a secure environment. This must be done carefully to ensure that all relevant log data is still captured.
Answer A is incorrect because reducing the frequency of system scans may reduce the amount of log data, but it would also potentially reduce the security of the environment. Answer C is incorrect because writing logs less frequently does not reduce the amount of log data; it simply delays the writing of that data. Answer D is incorrect because this is not a situation where segmentation of duties would apply.
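The caveat in this answer, that the policy must be tuned without losing relevant log data, can be built into the filter itself. The following Python example is added here and is not from the book: it applies a constructed keep/drop policy to constructed syslog-style lines, gives keep rules precedence over drop rules, and verifies that nothing security-relevant was discarded.

```python
import re

# Constructed sample log lines (not taken from any real system).
SAMPLE_LOG = """\
Mar 10 08:00:01 host1 cron[412]: (root) CMD (run-parts /etc/cron.hourly)
Mar 10 08:00:03 host1 sshd[2210]: Failed password for invalid user admin from 198.51.100.7 port 4120 ssh2
Mar 10 08:00:04 host1 systemd[1]: Started Daily apt download activities.
Mar 10 08:00:09 host1 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update
Mar 10 08:00:11 host1 kernel: [ 1234.5] eth0: link up
Mar 10 08:00:12 host1 sshd[2215]: Accepted publickey for bob from 203.0.113.9 port 50222 ssh2
Mar 10 08:00:15 host1 useradd[2300]: new user: name=svc_backup, UID=1002, GID=1002
"""

# Logging policy (assumed for this example): security-relevant events to keep,
# routine noise to drop. Anything matching neither list is kept.
KEEP_PATTERNS = [
    re.compile(r"sshd\[\d+\]: (Failed|Accepted) "),   # authentication outcomes
    re.compile(r"\bsudo: .* COMMAND="),                # privilege use
    re.compile(r"\buseradd\[\d+\]: new user"),        # account changes
]
DROP_PATTERNS = [
    re.compile(r"\bcron\[\d+\]: \(\w+\) CMD "),        # scheduled jobs
    re.compile(r"\bsystemd\[\d+\]: Started "),        # unit start-up chatter
    re.compile(r"\bkernel: .*link up"),                # link-state notices
]

def apply_policy(lines):
    """Split lines into (kept, dropped). Keep rules are checked first so a
    noisy-looking line that is also security-relevant is never discarded;
    unmatched lines are kept, because over-collecting is the safe failure."""
    kept, dropped = [], []
    for line in lines:
        if any(p.search(line) for p in KEEP_PATTERNS):
            kept.append(line)
        elif any(p.search(line) for p in DROP_PATTERNS):
            dropped.append(line)
        else:
            kept.append(line)
    return kept, dropped

def policy_is_safe(required, dropped):
    """True if no dropped line matches any required (must-keep) pattern."""
    return not any(p.search(line) for line in dropped for p in required)

def tune(log_text):
    """Apply the policy and refuse to proceed if it would lose required events."""
    lines = [l for l in log_text.splitlines() if l.strip()]
    kept, dropped = apply_policy(lines)
    if not policy_is_safe(KEEP_PATTERNS, dropped):
        raise ValueError("logging policy drops security-relevant events")
    return kept, dropped
```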
11. You have a variety of tools available to you as a security administrator that help with your security efforts. Some of these tools are tools created to perform penetration testing or “pen testing.” Based on your experience, what is the best use of these tools in your role as a security administrator?
www.syngress.com