4) Auditing and Accountability Flashcards

1
Q

Evidence exists where an individual is unable to deny he or she has made a statement or taken action.

A

Nonrepudiation

2
Q

Monitors and reports malicious events.

A

Intrusion detection

3
Q

Alarms and takes actions when malicious events occur.

A

Intrusion prevention

4
Q

Penalizes for acting against the rules.

A

Deterrence

5
Q

What document do courts require for admissibility of records?

A

Chain of custody

6
Q

An employee is charged with fraud, and the company can prove in court that there are email transactions showing that the employee completed these using a digital signature. What term is being described?

A

Nonrepudiation

7
Q

The primary means to ensure accountability through technical means.

A

Auditing

8
Q

This provides us with the means to trace activities in our environment back to their source.

A

Accountability

9
Q

Refers to a situation in which sufficient evidence exists as to prevent an individual from successfully denying that he or she has made a statement, or taken an action.

A

Nonrepudiation

10
Q

Refers to elements that discourage or prevent misbehavior in our environments.

A

Deterrence

11
Q

A monitoring tool that alerts when an attack or other undesirable activity is taking place.

A

IDS

12
Q

An IDS is a monitoring tool that alerts when an attack or other undesirable activity is taking place. What does IDS stand for?

A

Intrusion detection system

13
Q

A tool that can take action based on what is happening in the environment.

A

IPS

14
Q

An IPS is a tool that can take action based on what is happening in the environment. What does IPS stand for?

A

Intrusion prevention system

15
Q

A methodical examination and review that ensures accountability through technical means.

A

Auditing

16
Q

A process that provides a history of the activities that have taken place in the environment.

A

Logging

17
Q

A subset of auditing that focuses on observing information about the environment in order to discover undesirable conditions such as failures, resource shortages, security issues, and trends.

A

Monitoring

18
Q

An activity involving the careful examination of our environment using vulnerability scanning tools in order to discover vulnerabilities.

A

Vulnerability assessment

19
Q

A more active method of finding security holes that includes using the kinds of tools attackers use to mimic an attack on our environment.

A

Penetration testing

20
Q

A well-known vulnerability scanning tool.

A

Nessus

21
Q

What process ensures compliance with applicable laws, policies, and other bodies of administrative control, and detects misuse?

A

Auditing

22
Q

___ provides us with the means to trace activities in our environment back to their source.

A

Accountability

23
Q

A surveillance video log contains a record, including the exact date and time, of an individual gaining access to his company’s office building after hours. He denies that he was there during that time, but the existence of the video log proves otherwise. What benefit of accountability does this example demonstrate?

A

Nonrepudiation

24
Q

Your organization’s network was recently the target of an attack. Fortunately, the new system you installed took action and refused traffic from the source before you even had a chance to respond. What system did you install?

A

An intrusion prevention system

25
Q

Nessus is an example of a ___ tool.

A

vulnerability scanning