IS3230 CHAPTER 15

Question 1

A series of events gleaned from parsed log file repots over a period of time is called ___.

Answer 1

AUDIT TRAIL

Question 2

A list of known malicious behaviors that should be automatically denied is called ___.

Answer 2

BLACKLIST

Question 3

Occurs when an intrusion detection system overlooks anomalous activity is called ___.

Answer 3

FALSE NEGATIVE

Question 4

Occurs when an intrusion detection system labels normal activity as anomalous is called ___.

Answer 4

FALSE POSITIVE

Question 5

The process of translating log files from various systems into a common format is called ___.

Answer 5

NORMALIZATION

Question 6

The process of translating and reformatting raw log files into useful reports is called ___.

Answer 6

PARSING

Question 7

Regarding log files, the process of determining which log files and/or entries are important and may require action versus which are less important or informational only is called ___.

Answer 7

PRIORITIZATION

Question 8

A software package that centralizes and normalizes log files from a variety of applications and devices is called ___.

Answer 8

SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)

Question 9

A list of known approved behaviors that should be automatically allowed is called ___.

Answer 9

WHITELIST

Question 10

1. According to the CIA triad, the three pillars of information assurance are ___, ___, ___.

Answer 10

CONFIDENTIALITY
INTEGRITY
AVAILABILITY

Question 11

2. Non-reugidation provides the sender of information with which of the following?
3. Read receipt
4. Notification that the message was deleted without being opened
5. Proof of delivery
6. Notification that the message was forwarded to a third part by the original recipient

Answer 11

Proof of delivery

Question 12

3. The Parkerian hexad adds which elements to the CIA triad? (Select three)
4. Possession or control
5. Non-repudiation
6. Authenticity
7. Utility
8. Authentication

Answer 12

Possession or control
Authenticity
Utility

Question 13

4. Only security engineers need training in information assurance.
   TRUE OR FALSE

Answer 13

FALSE

Question 14

5. Timeliness is an important goal of any access control monitoring system.
   TRUE OR FALSE

Answer 14

TRUE

Question 15

6. Intrusion detection systems that operate on the principle of misuse detection compare activity to a ___ of known suspicious events.

Answer 15

Blacklist

Question 16

7. Intrusion detection systems that operate on the principle of specification detection use a ___ to identify normal ranges of behavior.

Answer 16

Whitelist

Question 17

8. Which type of events in an audit log report user logon attempts and system resource usage?
9. System-level
10. Application-level
11. User-level
12. Unauthorized access-level

Answer 17

System-level

Question 18

9. Which events in an audit log report user authentication attempts, commands and applications used, and security violations committed by users?
10. System-level
11. Application-level
12. User-level
13. Unauthorized access-level

Answer 18

User-level

Question 19

10. Which events in an audit log report error messages, file modifications, and security alerts generated by individual applications?
11. System-level
12. Application-level
13. User-level
14. Unauthorized access-level

Answer 19

Application-level

Question 20

11. What is normalization?
12. The process of rotating older audit logs into long-term storage
13. The process of translating log files from various systems into a common format
14. The process of separating normal events from anomalies
15. The process of analyzing log files

Answer 20

The process of translating log files from various systems into a common format

Question 21

12. Automated audit log analysis software makes manual log analysis unnecessary.
    TRUE OR FALSE

Answer 21

FALSE

Question 22

13. An SIEM is which type of tool?
14. Access control
15. Risk analysis
16. Audit log analysis
17. Training

Answer 22

Audit log analysis