POPPSALAD Flashcards

Security Audit categories

1
Q

(1) P

A

Policy Changes

Changes to user rights, Windows Firewall, GPOs, audit, or trust policies

2
Q

(2) O

A

Object Access

When an object (i.e. file, folder, etc.) that has a SACL is accessed.

3
Q

(3) P

A

Privilege Use

When a user exercises a user right or privilege

4
Q

(4) P

A

Process Tracking

Process activation, process exit, and indirect object access.

5
Q

(5) S

A

System

Computer security events such as restart, shutdown, or clearing the event log.

6
Q

(6) A

A

Account Management

Creation, deletion, or change of user account, group, or any password change.

7
Q

(7) L

A

Logon

Logon attempts (these are logon attempts, not authentication events)

8
Q

(8) A

A

Account logon

Network-based access to a computer and attempts to connect to shares; also known as authentication events

9
Q

(9) D

A

Directory Services Management

When a user accesses a directory service object with a SACL
