2 cissp ® Official Study Guide Eighth Edition

798
Chapter 17 
■
Preventing and Responding to Incidents
13.
What type of a security control is an audit trail?
A.
Administrative
B.
Detective
C.
Corrective
D.
Physical
14.
Which of the following options is a methodical examination or review of an environment to 
ensure compliance with regulations and to detect abnormalities, unauthorized occurrences, 
or outright crimes?
A.
Penetration testing
B.
Auditing
C.
Risk analysis
D.
Entrapment
15.
What can be used to reduce the amount of logged or audited data using nonstatistical
methods?
A.
Clipping levels
B.
Sampling
C.
Log analysis
D.
Alarm triggers
16.
Which of the following focuses more on the patterns and trends of data than on the actual 
content?
A.
Keystroke monitoring
B.
Traffic analysis
C.
Event logging
D.
Security auditing
17.
What would detect when a user has more privileges than necessary?
A.
Account management
B.
User entitlement audit
C.
Logging
D.
Reporting
Refer to the following scenario when answering questions 18 through 20.
An organization has an incident response plan that requires reporting incidents after 
verifying them. For security purposes, the organization has not published the plan. 
Only members of the incident response team know about the plan and its contents. 
Recently, a server administrator noticed that a web server he manages was running 
slower than normal. After a quick investigation, he realized an attack was coming from 

Review Questions 
799
a specific IP address. He immediately rebooted the web server to reset the connection 
and stop the attack. He then used a utility he found on the internet to launch a pro-
tracted attack against this IP address for several hours. Because attacks from this IP 
address stopped, he didn’t report the incident.

Download 19,3 Mb.

Do'stlaringiz bilan baham: