Deck 10: Auditing, Monitoring, and Logging
1
As part of the initiation and planning audit phase, it is customary for a(n) ____ to be developed, which serves as a service agreement between the auditing team and the requesting entity.
A) contingency plan
B) incident report
C) engagement letter
D) change request
Answer: C
2
Logs provide dynamic records of running processes.
Answer: False
3
In Microsoft Windows-based systems, you can use the ____ to manage event logs from the command line.
A) ps command
B) PsLoggedOn tool
C) service command
D) Wevtutil utility
Answer: D
4
____ are processes that are designed to operate without user interaction.
A) States
B) Services
C) Activities
D) Handles
5
COBIT provides a framework to support information security requirements and assessment needs.
6
The basic operation of a system logging facility is to collect events from log files, process the data, store the results, and perform notification or alerting, as required.
7
The purpose of ____ is to manage the effects of changes or differences in configurations on an information system or network.
A) security information and event management (SIEM)
B) security operations center management (SOCM)
C) configuration and change management (CCM)
D) program monitoring
8
A(n) ____ is a task being performed by a computing system.
A) handle
B) activity
C) action
D) process
9
On most current versions of Microsoft Windows-based systems, logging is managed by the ____, which is accessible from the system control panel.
A) view daemon
B) Event Viewer
C) service command
D) DLL
10
Tracking events in which group membership has changed or rights have been elevated gives security professionals a warning that ____ is occurring.
A) privilege escalation
B) directory traversal
C) auditing
D) data leakage
11
In the Windows OS, services are usually initiated (loaded or started) at boot-up as ____, which consist of software code, data and/or other resources necessary to provide the service.
A) firmware
B) daemons
C) dynamic-link libraries (DLLs)
D) cache
12
A spreadsheet program might record an error for access to a file in the ____ log.
A) system
B) setup
C) application
D) operation
13
Most system logs are very difficult to collect, store, read, and understand.
14
You can view Ubuntu Linux distribution daemons using the ____.
A) service DLL
B) service utility
C) service management console
D) service command
15
What is logged in the system log is predetermined by Windows.
16
From a network security perspective, the ____ logs are the most valuable to a systems and network administrator in identifying and resolving issues.
A) admin and operational
B) applications and services
C) analytic and debug
D) admin and analytic
17
Which Linux file records all logins and logouts that occur on the system?
A) utmp
B) btmp
C) cron
D) wtmp
18
To investigate running processes, we would turn to the ____ in Linux.
A) Task Manager
B) ps command
C) PsLoggedOn tool
D) Wevtutil utility
19
Within the change management process, after the need for a change has been identified, a(n) ____ is submitted to the appropriate decision-making body.
A) contingency plan
B) incident report
C) engagement letter
D) change request
20
Which Linux file shows a listing of failed login attempts?
A) utmp
B) btmp
C) cron
D) wtmp
21
Which COBIT domain focuses on ongoing maintenance and change requirements to extend the usability of the system?
A) Plan and Organize
B) Acquire and Implement
C) Delivery and Support
D) Monitor and Evaluate
22
Match each item with a statement below.
a. Configuration item
b. Version
c. Major release
d. Minor release
e. Build
f. Build list
g. Configuration
h. Revision date
i. Software library
A snapshot of a particular version of software assembled (or linked) from its various component modules.
23
A(n) ____________________ is any action that may be of interest to you on a device.
24
Match each item with a statement below.
a. Configuration item
b. Version
c. Major release
d. Minor release
e. Build
f. Build list
g. Configuration
h. Revision date
i. Software library
A hardware or software item that is to be modified and revised throughout its life cycle.
25
The exfiltration or unauthorized release of data, known as ____________________, is a top concern for most security professionals.
26
Match each item with a statement below.
a. Configuration item
b. Version
c. Major release
d. Minor release
e. Build
f. Build list
g. Configuration
h. Revision date
i. Software library
A list of the versions of components that make up a build.
27
The primary focus of ____ is to determine if the standards and/or regulations the organization claims to comply with are, in fact, complied with.
A) accreditation
B) configuration management
C) continuous monitoring
D) an audit
28
In security management, ____________________ is what authorizes an IT system to process, store, or transmit information.
29
Match each item with a statement below.
a. Configuration item
b. Version
c. Major release
d. Minor release
e. Build
f. Build list
g. Configuration
h. Revision date
i. Software library
The recorded state of a particular revision of a software or hardware configuration item.
30
____________________ is the period of time that log files or log file data should be maintained.
31
Match each item with a statement below.
a. Configuration item
b. Version
c. Major release
d. Minor release
e. Build
f. Build list
g. Configuration
h. Revision date
i. Software library
A minor revision of the version from its previous state.
32
Match each item with a statement below.
a. Configuration item
b. Version
c. Major release
d. Minor release
e. Build
f. Build list
g. Configuration
h. Revision date
i. Software library
A collection of configuration items that is usually controlled and that developers use to construct revisions and to issue new configuration items.
33
A(n) ____________________ is a measurement of activity that represents the normal state or routine condition.
34
The primary purpose of ____ is to enable organizations to obtain certification; thus, it serves more as an assessment tool than an implementation framework.
A) ISO/IEC 27001
B) ISO/IEC 27002
C) COBIT
D) ISACA
35
Which COBIT domain focuses on the functionality of the system for the end user?
A) Plan and Organize
B) Acquire and Implement
C) Delivery and Support
D) Monitor and Evaluate
36
Match each item with a statement below.
a. Configuration item
b. Version
c. Major release
d. Minor release
e. Build
f. Build list
g. Configuration
h. Revision date
i. Software library
A significant revision of the version from its previous state.
37
____ is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues, and business risks.
A) ISO/IEC 27001
B) ISO/IEC 27002
C) COBIT
D) ISACA
38
____ demonstrates that management has identified an acceptable risk level and provided resources to control unacceptable risk levels.
A) Certification
B) Accreditation
C) Integrity
D) Authorization
39
Match each item with a statement below.
a. Configuration item
b. Version
c. Major release
d. Minor release
e. Build
f. Build list
g. Configuration
h. Revision date
i. Software library
The date associated with a particular version or build.
40
Match each item with a statement below.
a. Configuration item
b. Version
c. Major release
d. Minor release
e. Build
f. Build list
g. Configuration
h. Revision date
i. Software library
A collection of components that make up a configuration item.
41
What is the purpose of ISO/IEC 27002?
42
Describe the purpose of change management.
43
Describe two places where network connection events may be tracked and explain what events can be tracked.
44
Explain the idea behind syslog and how it is used.
45
Describe a security operations center (SOC).
46
Why is it important to keep track of system restart and shutdown events?
47
What are six things that log management technologies are designed to do?
48
List the three actions that usually cause an audit system to log an event.
49
After a change has been reviewed and evaluated, what three actions might be taken?
50
Explain the three categorical groupings for information processed by the federal government.