4.0 Security Architecture and Tool Sets Flashcards
which audit category will audit all instances of users exercising their rights?
the audit privilege use audit category
what is another term for logical controls?
technical controls
which type of controls dictates how security policies are implemented to fulfill the company’s security goals?
administrative or management control
what is the name of the process for removing only the incriminating data from the audit logs?
scrubbing
which type of controls is implemented to secure physical access to an object, such as a building, a room, or a computer?
physical or operational control
which type of controls includes developing policies and procedures, screening personnel, conducting security awareness training, and implementing change control?
administrative controls
what is the purpose of administrative controls?
to implement security policies based on procedures, standards, and guidelines
what is the purpose of password complexity rules?
to ensure that users do not use passwords that are easy to guess using dictionary attacks
what must you do for an effective security auditing policy, besides creating security logs?
analyze the logs
what is the purpose of physical controls?
to work with administrative and technical controls to enforce physical access control
which audit category tracks access to all objects outside active directory?
the audit object access audit category
which password attack does an account lockout policy protect against?
a brute force attack
if a user needs administrative-level access, how many user accounts should be issued to the user?
two - one for normal tasks, one for administrative-level tasks
which setting ensures that accounts are not used beyond a certain date and/or time?
account expiration
what are you trying to determine if you implement audit trails to ensure that users are not performing unauthorized functions?
accountability
which setting ensures that users periodically change their account passwords?
password expiration
what is the name for the process of tracking user activities by recording selected events in the server activity logs?
auditing
which document is used when it is necessary to invoke legal action against an employee for inappropriate use of computer resources?
acceptable use policy
which type of controls includes access control mechanisms, password management, identification methods, authentication methods, and security devices?
technical or logical controls
what are the FIVE stages in the life cycle of the evidence or the chain of custody?
1. collection of evidence from the site
2. analysis of the evidence by a team of experts
3. storage of the evidence in a secure place to ensure that the evidence is not tampered with
4. presentation of the evidence by legal experts in a court of law
5. returning the evidence to the owner after the proceedings are over
what is the purpose of audit logs?
to document actions taken on a computer network and the party responsible for those actions
which type of controls works to protect system access, network architecture and access, control zones, auditing, and encryption and protocols?
technical controls
what is the purpose of technical controls?
to restrict access to objects and protect availability, confidentiality, and integrity
when should an administrative account be used?
when performing administrative-level tasks