Chapter 4: Auditing and Accountability

Question 1

trace activities in our environment back to their source

Answer 1

accountability

Question 2

refers to a situation in which sufficient evidence exists as to prevent an individual form successfully denying that he or she has made a statement, or taken an action

Answer 2

nonrepudiation

Question 3

primary means to ensure accountability through technical means

Answer 3

auditing

Question 4

gives us a history of the activities that have taken place in the environment

Answer 4

logging

Question 5

a subset of auditing and tends to focus on observing information about the environment in question

Answer 5

monitoring

Question 6

when an audit takes a more active route toward determining whether everything is as it should be and compliant with relevant laws, regulations, or policies

Answer 6

Assessment

Question 7

uses vulnerability scanning tools in order to locate such vulnerabilities

Answer 7

vulnerability assessments

Question 8

generally work by scanning the target systems discover which ports are open on them, and then interrogating each open port to find out exactly which service is listening on the port in question.

Answer 8

vulnerability scanning tools like Nessus

Question 9

a more active method of finding security holes

Answer 9

penetration testing

Question 10

standards used by credit card industry that lays requirements for vendors to protect customer’s data

Answer 10

Payment Card Industry (PCI) Data Security Standard