4.1 Security Architecture and Tool Sets

Question 1

which audit category will audit all instances of users exercising their rights?

Answer 1

the audit privilege use audit category

Question 2

what is another term for logical controls?

Answer 2

technical controls

Question 3

which type of controls dictates how security policies are implemented to fulfill the company’s security goals?

Answer 3

administrative or management control

Question 4

what is the name of the process for removing only the incriminating data from the audit logs?

Answer 4

scrubbing

Question 5

which type of controls is implemented to secure physical access to an object, such as building, a room, or a computer?

Answer 5

physical or operational control

Question 6

which type of controls include developing policies and procedures, screening personnel, conducting security awareness training, and implementing change control?

Answer 6

administrative controls

Question 7

what is the purpose of administrative controls?

Answer 7

to implement security policies based on procedures, standards, and guidelines

Question 8

what is the purpose of password complexity rules?

Answer 8

to ensure that users do not use passwords that are easy to guess using dictionary attacks

Question 9

what must you do for an effective security auditing policy, besides creating security logs?

Answer 9

analyze the logs

Question 10

what is the purpose of physical controls?

Answer 10

to work with administrative and technical controls to enforce physical access control

Question 11

which audit category tracks access to all objects outside active directory?

Answer 11

the audit object access audit category

Question 12

which password attack does an account lockout policy protect against?

Answer 12

a brute force attack

Question 13

if a user needs administrative-level access, how many user accounts should be issued to the user?

Answer 13

two - one for normal tasks, one for administrative-level tasks

Question 14

which setting ensures that accounts are not used beyond a certain data and/or time?

Answer 14

account expiration

Question 15

what are you trying to determine if you implement audit trails to ensure that users are not performing unauthorized functions?

Answer 15

accountability

Question 16

which setting ensures that users periodically change their account passwords?

Answer 16

password expiration

Question 17

what is the name for the process of tracking user activities by recording selected events in the server activity logs?

Answer 17

auditing

Question 18

which document is used when it is necessary to invoke legal action against an employee for inappropriate use of computer resources?

Answer 18

acceptable use policy

Question 19

which type of controls includes access control mechanisms, password management, identification methods, authentication methods, and security devices?

Answer 19

technical or logical controls

Question 20

what are the FIVE stages in the life cycle of the evidence or the chain of custody?

Answer 20

1. collection of evidence from the site
2. analysis of the evidence by a team of experts
3. storage of the evidence in a secure place to ensure that the evidence is not tampered with
4. presentation of the evidence by legal experts in a court of law
5. returning the evidence to the owner after the proceedings are over

Question 21

what is the purpose of audit logs?

Answer 21

to document actions taken on a computer network and the party responsible for those actions

Question 22

which type of controls work to protect system access, network architecture and access, control zones, auditing, and encryption and protocols?

Answer 22

technical controls

Question 23

what is the purpose of technical controls?

Answer 23

to restrict access to objects and protect availability, confidentiality, and integrity

Question 24

when should an administrative account be used?

Answer 24

when performing administrative-level tasks

Question 25

which linux file contains encrypted user passwords that only the root user can read?

Answer 25

/etc/shadow

Question 26

what is the purpose of password age rules?

Answer 26

to ensure that users change their passwords on a regular basis

Question 27

which account should you rename immediately after installing a new operating system (OS) to harden the OS?

Answer 27

the administrator account

Question 28

which assessment examines whether network security practices follow a company’s security policy?

Answer 28

an audit

Question 29

which audit category monitors changes to user accounts and groups?

Answer 29

the audit account management audit category

Question 30

what is the purpose of the password history settings?

Answer 30

to ensure that users do not keep reusing the same passwords

Question 31

which setting ensures that repeated attempts to guess a user’s password is not possible beyond the configured value?

Answer 31

account lockout

Question 32

which account should you disable immediately after installing a new operating system (OS) to harden the OS?

Answer 32

the guest account

Question 33

which log in event viewer should you open to view events that are generated based on your auditing settings?

Answer 33

the security log

Question 34

what is a good password complexity policy?

Answer 34

a mixture of numbers, uppercase and lowercase letters, and special characters, such as rObin3*nest

Question 35

which audit category tracks all attempts to log on with a domain user account when enabled on domain controllers?

Answer 35

the audit account logon events audit category

Question 36

which type of controls includes controlling access to different parts of a building, implementing locking systems, installing fencing, implementing environmental controls, and protecting the facility perimeter?

Answer 36

physical controls