Get this Security+ CertiGuide for your own computer.
Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31)

Also available: 300-question Security+ practice test!
Get It Here!

Custom Search







Table Of Contents  CertiGuide to Security+
 9  Chapter 5:  Operational/Organizational Security (Domain 5.0; 15%)

Previous Topic/Section
Getting Ready for Chapter 5 - Questions
Previous Page
Pages in Current Topic/Section
1
Next Page
5.0  Operational/Organizational Security
Next Topic/Section

Getting Ready for Chapter 5 - Answers

1. Separation of duties is valuable in deterring fraud .

Explanation: Separation of duties is considered valuable in deterring fraud since fraud can occur if an opportunity exists, due to combinations of various jobs related capabilities being performed by one person. Separation of duty requires that for particular sets of transactions, no single individual be allowed to execute all transactions within the set. The most commonly used examples are the separate transactions needed to initiate a payment and to authorize a payment. No single individual should be capable of executing both transactions. In order for fraud to occur, multiple people would have to collaborate in pulling it off -- difficult, because while one person can generally keep a secret, with two people, secrets typically don't stay secret for long.

 

2. Enforcing minimum privileges for general system users can be easily achieved through the use of RBAC .

Explanation: Ensuring least privilege requires identifying what the user's job is, determining the minimum set of privileges required to perform that job, and restricting the user to a domain with those privileges and nothing more. By denying to subjects transactions that are not necessary for the performance of their duties, those denied privileges couldn't be used to circumvent the organizational security policy. Although the concept of least privilege currently exists within the context of the TCSEC, requirements restrict those privileges of the system administrator. Through the use of RBAC (role based access control), enforced minimum privileges for general system users can be easily achieved.

 

3. All logs are kept on archive for a period of time. It is retention policies which determine this period of time.

Explanation: All logs collected are used in the active and passive monitoring process. All logs are kept on archive for a period of time, called a retention period. This period of time will be determined by your company policies. This allows the use of logs for regular audits, and annual audits if retention is longer then a year. Logs must be secured to prevent modification, deletion, and destruction.

Administrator preference is often used to determine certain things like how long logs are retained. But since these decisions can affect the ability of the company to go back and research potential security issues, it is a corporate issue that should be governed by a deliberate policy statement.

 

4. How often should logging be performed? Always

Explanation: Usually logging is done 24 hours per day, 7 days per week, on all available systems and services except during the maintenance window where some of the systems and services may not be available while maintenance is being performed.

If you only perform logging at certain times, then any activities taking place at other times won't be logged, and can't be used for auditing or forensic activities at a later date. This makes your network more vulnerable to undetected intrusions and thus a more attractive target for attackers.

 

5. Which of the following are potential firewall problems that should be logged?

A. Reboots

B. Proxies restarted

C. Changes to the configuration file.

D. No Answer is Correct

Explanation: The following firewall problems should be logged:

  • Reboot of the firewall.

  • Proxies that cannot start (e.g. Within the firewall).

  • Proxies or other important services that have died or restarted.

  • Changes to firewall configuration file.

  • A configuration or system error while firewall is running.

A reboot or proxy restart signals a potential reliability issue, or a cracker restarting the firewall after configuration changes or an attempted attack. Changes to the configuration file may be made under legitimate circumstances (by the network administrator) or might indicate an intrusion by unauthorized individuals. Similarly, system and configuration errors might indicate intrusion attempts, or reliability problems.


Previous Topic/Section
Getting Ready for Chapter 5 - Questions
Previous Page
Pages in Current Topic/Section
1
Next Page
5.0  Operational/Organizational Security
Next Topic/Section

If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!
Donate $2
Donate $5
Donate $10
Donate $20
Donate $30
Donate: $



Home - Table Of Contents - Contact Us

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.