Chapter 10

Review Questions

1. Reviewing a subject’s privileges over an object is known as _____.

A. privilege auditing

B. threat auditing

C. risk appraisal

D. exploitation evaluation

2. _____ is the process of assigning and revoking privileges to objects and covers the procedures of managing object authorizations.

A. Privilege management

B. Risk assessment

C. Threat mitigation

D. Risk management

3. One of the disadvantages of centralized privilege management is that ______.

A. attackers can exploit it more easily

B. most hardware and software do not support it

C. it places more of a burden on the network infrastructure

D. users may have to wait longer for requested changes to security privileges

4. The individual elements or settings within group policies are known as ______.

A. Group Policy Objects (GPOs)

B. Policy Templates

C. AD Infrastructures (ADI)

D. Group Tiers

5. _____ is a set of strategies for administering, maintaining, and managing computer storage systems in order to retain data.

A. Supervised data storage

B. Strategic AD retention

C. Storage and retention administration

D. Information lifecycle management (ILM)

6. _____ assigns a level of business importance, availability, sensitivity, security and regulation requirements to data.

A. Risk assessment

B. Threat mitigation

C. Data classification

D. Information assignment

7. When grouping data into categories, which of the following is NOT a question that is asked of users regarding their use of data?

A. How long must the data be kept?

B. How often will it be accessed?

C. How quickly should it be retrieved?

D. How was it first created?

8. _____ typically involves an examination of which subjects are accessing specific objects and how frequently.

A. Usage auditing

B. User reporting

C. Permission auditing

D. Resource reporting

9. When permissions are assigned to a folder, any current subfolders and files within that folder ________.

A. inherit the same permissions

B. can be deleted only by the administrator

C. are available to the currently logged-in user

D. cannot be accessed

10. GPOs that are inherited from parent containers are processed first, followed by _____.

A. the order that policies were linked to a container object

B. the date that the policy was enacted

C. policies that are only on the AD

D. any policy that has been designated “VITAL”

11. Each of the following has contributed to an increase in the number of logs generated except ______.

A. faster network access

B. larger number of systems

C. escalating number of attacks

D. most hardware and software can create logs

12. Each of the following is an example of a security application log except ______.

A. antivirus software

B. Domain Name System (DNS) servers

C. remote access software

D. automated patch update service

13. If a firewall log reveals a high number of probes to ports that have no application services running on them, this could indicate ______.

A. attackers are trying to determine if the ports and corresponding applications are already in use

B. an attack from the internal network

C. an IP Map Protocol (IPMP) attack

D. suspicious outbound traffic

14. A(n) _____ is an occurrence within a software system that is communicated to users or other programs outside the operating system.

A. session

B. task

C. event

D. supplicant

15. Client requests and server responses are found in which type of logs?

A. System event logs

B. Risk security logs

C. User application logs

D. Security alert logs

16. Each of the following is an advantage to using logs except ______.

A. Logs can help to identify security incidents

B. Logs can be useful for performing auditing analysis

C. Logs can be used to provide documentation that the organization is complying with laws

D. Logs can be useful for identifying user passwords that may have been lost

17. Each of the following is a challenge to log management except ______.

A. Single standard for log formats

B. Inconsistent timestamps

C. Variety of recorded information

D. Large number of log sources

18. _____ refers to a methodology for making changes and keeping track of those changes, often manually.

A. Change management

B. Resource logging

C. Assessment auditing

D. Vulnerability scanning

19. A group that oversees changes is known as a(n) _______.

A. change management team (CMT)

B. review log team (RLT)

C. asset track organization (ATO)

D. log panel (LP)

20. Each of the following is a monitoring mechanism except ______.

A. Anomaly-based monitoring

B. Signature-based monitoring

C. Risk-based monitoring

D. Behavior-based monitoring