IS3230 CHAPTER 15 Flashcards
A series of events gleaned from parsed log file reports over a period of time is called ___.
AUDIT TRAIL
A list of known malicious behaviors that should be automatically denied is called ___.
BLACKLIST
The condition that occurs when an intrusion detection system overlooks anomalous activity is called ___.
FALSE NEGATIVE
The condition that occurs when an intrusion detection system labels normal activity as anomalous is called ___.
FALSE POSITIVE
The process of translating log files from various systems into a common format is called ___.
NORMALIZATION
The process of translating and reformatting raw log files into useful reports is called ___.
PARSING
Regarding log files, the process of determining which log files and/or entries are important and may require action versus which are less important or informational only is called ___.
PRIORITIZATION
A software package that centralizes and normalizes log files from a variety of applications and devices is called ___.
SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)
A list of known approved behaviors that should be automatically allowed is called ___.
WHITELIST
- According to the CIA triad, the three pillars of information assurance are ___, ___, ___.
CONFIDENTIALITY
INTEGRITY
AVAILABILITY
- Non-repudiation provides the sender of information with which of the following?
- Read receipt
- Notification that the message was deleted without being opened
- Proof of delivery
- Notification that the message was forwarded to a third party by the original recipient
Proof of delivery
- The Parkerian hexad adds which elements to the CIA triad? (Select three)
- Possession or control
- Non-repudiation
- Authenticity
- Utility
- Authentication
Possession or control
Authenticity
Utility
- Only security engineers need training in information assurance.
TRUE OR FALSE
FALSE
- Timeliness is an important goal of any access control monitoring system.
TRUE OR FALSE
TRUE
- Intrusion detection systems that operate on the principle of misuse detection compare activity to a ___ of known suspicious events.
Blacklist
- Intrusion detection systems that operate on the principle of specification detection use a ___ to identify normal ranges of behavior.
Whitelist
- Which type of events in an audit log report user logon attempts and system resource usage?
- System-level
- Application-level
- User-level
- Unauthorized access-level
System-level
- Which events in an audit log report user authentication attempts, commands and applications used, and security violations committed by users?
- System-level
- Application-level
- User-level
- Unauthorized access-level
User-level
- Which events in an audit log report error messages, file modifications, and security alerts generated by individual applications?
- System-level
- Application-level
- User-level
- Unauthorized access-level
Application-level
- What is normalization?
- The process of rotating older audit logs into long-term storage
- The process of translating log files from various systems into a common format
- The process of separating normal events from anomalies
- The process of analyzing log files
The process of translating log files from various systems into a common format
- Automated audit log analysis software makes manual log analysis unnecessary.
TRUE OR FALSE
FALSE
- A SIEM is which type of tool?
- Access control
- Risk analysis
- Audit log analysis
- Training
Audit log analysis