SSCP DOMAIN 3: Monitoring and Analysis


Which of the following is a collection of recorded data that may include details about logons, object access, and other activities deemed important by your security policy, and that is often used to detect unwanted and unauthorized user activity?

Audit trail

A recreation of historical events is made possible through?

Audit trails

Which of the following terms identifies the process of reviewing log files for suspicious activity and threshold compliance?

Auditing

Network-based intrusion detection is most suited to detect and prevent which types of attacks?

Bandwidth-based denial of service

A honey pot is used for what purpose?

Delay intruders in order to gather auditing data

What is the purpose of audit trails?

Detect security-violating events

Audit trails produced by auditing activities are considered what type of security control?

Detective

If maintaining confidentiality is of the utmost importance to your organization, what is the best response when an intruder is detected on your network?

Disconnect the intruder

What security mechanism can be used to detect attacks originating on the Internet or from within an internal trusted subnet?

IDS

Which of the following is a security that monitors network traffic in real time or reviews the audit logs on servers looking for security violations?

IDS

Which of the following is the best complementary product to a firewall?

IDS

What actions can a typical passive intrusion detection system (IDS) take when it detects an attack? (Choose two)

IDS logs all pertinent data about the intrusion; An alert is generated and delivered via email, the console, or an SNMP trap

Which of the following is not true concerning a padded cell?

Is often placed inside a honey pot

Which of the following activities are considered passive with regard to the functioning of an intrusion detection system? (Choose 2)

Listening to network traffic; Monitoring the audit trails

Which of the following is not included in a system audit event? (Choose 2)

Names of accessed files; Any actions performed by the user

An active IDS often performs which of the following actions? (Choose 2)

Perform reverse lookups to identify an intruder; Update filters to block suspect traffic

Properly configured passive IDS and system audit logs are an integral part of a comprehensive security plan. What step must be taken to ensure that the information is useful in maintaining a secure environment?

Periodic reviews must be conducted to detect malicious activity or policy violations

Network-based intrusion detection systems (IDS) are able to detect which of the following attacks? (Select 2)

Port scanning; Denial of service

The auditing feature of an operating system serves as what form of control when users are informed that their actions are being monitored?

Preventative

Which of the following describes the worst possible action by an IDS?

System identified harmful traffic as harmless and allowed it to pass without any alerts being generated

Which of the following best describes an audit daemon?

Trusted utility that runs a background process whenever auditing is enabled
