SSCP DOMAIN 3: Monitoring and Analysis
Which of the following is a collection of recorded data that may include details about logons, object access, and other activities deemed important by your security policy, and that is often used to detect unwanted and unauthorized user activity?
Audit trail
A recreation of historical events is made possible through which of the following?
Audit trails
Which of the following terms identifies the process of reviewing log files for suspicious activity and threshold compliance?
Auditing
Network-based intrusion detection is most suited to detect and prevent which types of attacks?
Bandwidth-based denial of service
A honey pot is used for what purpose?
Delay intruders in order to gather auditing data
What is the purpose of audit trails?
Detect security-violating events
Audit trails produced by auditing activities are considered what type of security control?
Detective
If maintaining confidentiality is of the utmost importance to your organization, what is the best response when an intruder is detected on your network?
Disconnect the intruder
What security mechanism can be used to detect attacks originating on the Internet or from within an internal trusted subnet?
IDS
Which of the following is a security mechanism that monitors network traffic in real time or reviews the audit logs on servers looking for security violations?
IDS
Which of the following is the best complementary product to a firewall?
IDS
What actions can a typical passive intrusion detection system (IDS) take when it detects an attack? (Choose two)
The IDS logs all pertinent data about the intrusion; an alert is generated and delivered via email, the console, or an SNMP trap
Which of the following is not true concerning a padded cell?
Is often placed inside a honey pot
Which of the following activities are considered passive in regard to the functioning of an intrusion detection system? (Choose two)
Listening to network traffic; monitoring the audit trails
Which of the following is not included in a system audit event? (Choose two)
Names of accessed files; any actions performed by the user
An active IDS often performs which of the following actions? (Choose two)
Performs reverse lookups to identify an intruder; updates filters to block suspect traffic
Properly configured passive IDS and system audit logs are an integral part of a comprehensive security plan. What step must be taken to ensure that the information is useful in maintaining a secure environment?
Periodic reviews must be conducted to detect malicious activity or policy violations
Network-based intrusion detection systems (IDS) are able to detect which of the following attacks? (Select two)
Port scanning; denial of service
The auditing feature of an operating system serves as what form of control when users are informed that their actions are being monitored?
Preventative
Which of the following describes the worst possible action by an IDS?
The system identified harmful traffic as harmless and allowed it to pass without generating any alerts
Which of the following best describes an audit daemon?
Trusted utility that runs a background process whenever auditing is enabled