IS3230 CHAPTER 15 Flashcards Preview


Flashcards in IS3230 CHAPTER 15 Deck (22):
1

A series of events gleaned from parsed log file reports over a period of time is called ___.

AUDIT TRAIL

2

A list of known malicious behaviors that should be automatically denied is called ___.

BLACKLIST

3

The situation in which an intrusion detection system overlooks anomalous activity is called ___.

FALSE NEGATIVE

4

The situation in which an intrusion detection system labels normal activity as anomalous is called ___.

FALSE POSITIVE

5

The process of translating log files from various systems into a common format is called ___.

NORMALIZATION

6

The process of translating and reformatting raw log files into useful reports is called ___.

PARSING

7

Regarding log files, the process of determining which log files and/or entries are important and may require action versus which are less important or informational only is called ___.

PRIORITIZATION

8

A software package that centralizes and normalizes log files from a variety of applications and devices is called ___.

SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)

9

A list of known approved behaviors that should be automatically allowed is called ___.

WHITELIST

10

1. According to the CIA triad, the three pillars of information assurance are ___, ___, ___.

CONFIDENTIALITY
INTEGRITY
AVAILABILITY

11

2. Non-repudiation provides the sender of information with which of the following?
1. Read receipt
2. Notification that the message was deleted without being opened
3. Proof of delivery
4. Notification that the message was forwarded to a third party by the original recipient

Proof of delivery

12

3. The Parkerian hexad adds which elements to the CIA triad? (Select three)
1. Possession or control
2. Non-repudiation
3. Authenticity
4. Utility
5. Authentication

Possession or control
Authenticity
Utility

13

4. Only security engineers need training in information assurance.
TRUE OR FALSE

FALSE

14

5. Timeliness is an important goal of any access control monitoring system.
TRUE OR FALSE

TRUE

15

6. Intrusion detection systems that operate on the principle of misuse detection compare activity to a ___ of known suspicious events.

Blacklist

16

7. Intrusion detection systems that operate on the principle of specification detection use a ___ to identify normal ranges of behavior.

Whitelist

17

8. Which type of events in an audit log report user logon attempts and system resource usage?
1. System-level
2. Application-level
3. User-level
4. Unauthorized access-level

System-level

18

9. Which events in an audit log report user authentication attempts, commands and applications used, and security violations committed by users?
1. System-level
2. Application-level
3. User-level
4. Unauthorized access-level

User-level

19

10. Which events in an audit log report error messages, file modifications, and security alerts generated by individual applications?
1. System-level
2. Application-level
3. User-level
4. Unauthorized access-level

Application-level

20

11. What is normalization?
1. The process of rotating older audit logs into long-term storage
2. The process of translating log files from various systems into a common format
3. The process of separating normal events from anomalies
4. The process of analyzing log files

The process of translating log files from various systems into a common format

21

12. Automated audit log analysis software makes manual log analysis unnecessary.
TRUE OR FALSE

FALSE

22

13. An SIEM is which type of tool?
1. Access control
2. Risk analysis
3. Audit log analysis
4. Training

Audit log analysis