Why do event logs record both normal and abnormal activities Select all that apply quizlet?

Asked by wealthwale

Multiple Selection

1. Select the controls from the list below that can implement a tailored access policy.

A. Access control lists

B. Control of user group-based access rights

C. Control of world-based access rights

D. Control of system-based access rights

Multiple Choice

2. What is the principle behind Microsoft's operating systems using a UAC (user account control)?

A. Provide total admin privileges

B. Change user password

C. Provide temporary admin privileges

D. Acceptable Use Policy

Multiple Choice

3. Unix implements three file-access rights (read, write, and execute/search) for which identities?

A. Owner

B. Group

C. World

D. All of these are correct.

4. Unix users have several commands. Which of the following commands is short for the command "Change group"?

A. Chmod

B. Chgrp

C. Chown

D. None of these is correct.

Multiple Selection

5. Which of the following are the primary file-access rights in Unix? Select all that apply.

A. Read

B. Control

C. Write

D. Execute

6. True or False? If the "root" user accesses a file, the system grants full access.

Fill-in-the-Blank

7. _________ is described as the implicit spreading of trust.

Multiple Choice

8. A primary use of event logs is to:

A. determine when software should be upgraded.

B. serve as an audit trail.

C. identify file ownership.

D. All of these are correct.

True/False

9. True or False? The computer keeps record of what it does, and those set of files are called the event log or the audit trail.

Essay

10. Explain the role logging plays in meeting compliance with laws related to financial institutions and practices, such as the Sarbanes-Oxley Act and the Gramm-Leach-Bliley Act.

Multiple Choice

11. Passed in 2002, __________ requires U.S. government agencies to implement agency-wide information security programs.

A. SOX (Sarbanes-Oxley Act)

B. HIPAA (Health Insurance Portability and Accountability Act)

C. FISMA (Federal Information Security Management Act)

D. PCI DSS (Payment Card Industry Data Security Standard)

Multiple Selection

12. Why do event logs record both normal and abnormal activities? Select all that apply.

A. An activity may look normal when it occurs and abnormal when analyzed in context with other activities

B. Normal activities are so rarely logged that they do not add enough overhead to justify removing them.

C. Normal activities help track side effects of abnormal activities

Multiple Choice

13. People who interpret event logs do not like administrators to use privileged accounts with a fixed name, like "root." Which of the following is the best explanation for this?

A. The "root" user ID is shared by many people; the event log can't easily tell which user really performed a logged action

B. Auditors who review event logs believe they should have the same access rights as other administrative personnel

C. Overuse of the "root" user ID increases the risk that someone will execute malicious software by mistake

D. The "root" user ID can modify event logs, while other privilege mechanisms, like "sudo," can't modify event logs

14. Which of the following is a formal review of the systems integrity and of the data it maintains regarding the organization's business.

A. Security event log

B. Event logging

C. Information systems audit

D. None of these is correct.

15. The security framework that replaced the U.S. DOD Orange Book is called:

A. Common Conduct.

B. Red Book.

C. PCI DSS.

D. Common Criteria.

16. The law that establishes security measures that must be taken on health-related information is:

A. HIPAA.

B. GLBA.

C. SOX.

D. FISMA.