ISC2 - Study Notes 19 Flashcards
uses three or more drives in an array and uses striping with parity. It writes data onto the drives in stripes, and it uses the equivalent of one drive for parity data. If any single drive fails, the array can use the parity information to reconstruct the data and the array continues to operate.
RAID-5
can survive the failure of two disk drives. ??? requires a minimum of four disks, with the equivalent of two disks dedicated to parity. ??? is a RAID that uses two parity blocks.
RAID-6
allow a service to continue to operate even if a server fails. A ??? provides fault tolerance at the server level.
Failover Clusters
A ??? simply backs up the entire contents of the target data. This is useful if there isn’t much data to back up or the data doesn’t change very often.
In the ??? backup strategy, you back up all the data to start the backup plan. Then on a regular basis you back up only the data that has changed since the last backup.
In the ??? backup strategy, you back up all the data to start the plan, and then on a regular basis you back up all of the data that has changed since the last full backup.
full backup / incremental backup / differential backup
combined with strong authentication and authorization practices provide nonrepudiation.
Audit Logs
ignores events such as normal user errors until the auditing system reaches a predetermined threshold. However, the accounting system generates an alert after it detects the number of events has reached the threshold. ??? such as this ignore individual logon failures and only act after reaching the threshold.
Clipping Level
??? can record activity from any auditable activity and can record both success and failure events.
??? events from the operating system, such as when the system boots or is shut down, and when a driver or service stops or starts.
??? events from applications. These events can be from end-user applications, such as a web browser, or server-based applications, which include database server applications and networking services, such as a server running the Domain Name System (DNS) service.
??? events related to the setup of certain applications.
Security logs / System log Records / Application log Records / Setup log Records
Many attackers attempt to erase the audit trail by erasing or modifying individual logs. Their goal is often to get in, attack the system, erase or modify the logs, and then get out. However, logs on remote systems are more difficult for attackers to erase or modify.
Info
Most proxy servers can log all activity through the proxy server. This allows an organization to track websites that users access with their web browsers, how much time they spend on the sites, and all attempts to visit unauthorized sites.
A proxy server uses Network Address Translation (NAT) to translate private addresses from internal clients to public addresses used by Internet-based websites. The proxy server caches web pages.
Proxy Server Info
In some scenarios, organizations write the archived log data to a write once, read many (WORM) drive to prevent someone from rewriting the archived logs.
A password audit checks whether users are following the policies related to passwords. A password audit could use a password-cracking tool to determine whether any passwords fail to meet these requirements.
Info