20. Which of the following Organization for Economic Co-Operation and Development (OECD) principles deals with ensuring that the rights and legitimate interests of others are respected?
a. Accountability
b. Ethics
c. Awareness
d. Multidisciplinary
20. b. The ethics principle of OECD states that the information systems and the security of information systems should be provided and used in such a manner that the rights and legitimate interests of others are respected.
21. Which of the following establishes security layers to minimize incident impact?
1. Zoning
2. Need-to-know
3. Compartmentalization
4. Unique identifiers
a. 1 and 2
b. 2 and 4
c. 1 and 3
d. 3 and 4
21. c. Zoning and compartmentalization establish security layers to minimize incident impact. The need-to-know principle limits access to data and programs. The unique identifiers provide for individual accountability and facilitate access control.
22. Which of the following generally accepted systems security principles addresses the major purpose of computer security?
a. Computer security is an integral element of sound management.
b. Computer security requires a comprehensive and integrated approach.
c. Computer security supports the mission of the organization.
d. Computer security should be cost-effective.
22. c. The purpose of computer security is to protect an organization’s valuable resources, such as data, information, hardware, people, and software. When valuable resources are protected, the organization’s mission is also accomplished.
23. Which of the following are the primary sources of computer security log data for most organizations?
1. Network-based security software logs
2. Host-based security software logs
3. Operating system logs
4. Application system logs
a. 1 and 2
b. 2 and 3
c. 3 and 4
d. 1, 2, 3, and 4
23. a. Most organizations use several types of network-based and host-based security software to detect malicious activity and protect systems and data from damage. Accordingly, security software is the primary source of computer security log data for most organizations.
24. Which of the following logs record significant operational actions?
a. Network-based security software logs
b. Host-based security software logs
c. Operating system logs
d. Application system logs
24. d. Many applications record significant operational actions such as application startup and shutdown, application failures, and major configuration changes. The other three types of logs do not record significant operational actions.
25. Which of the following is not an example of security software logs?
a. Packet filter logs
b. Web server logs
c. Firewall logs
d. Antimalware software logs
25. b. Web server logs are an example of application logs. The other three logs are examples of security software logs.
26. Which of the following logs is primarily useful in analyzing attacks against desktops or workstations?
a. Antimalware software logs
b. Packet filter logs
c. Firewall logs
d. Authentication server logs
26. a. Antimalware software logs have higher data accuracy than the operating system logs from desktops or workstations. Accordingly, these logs are the primary source in analyzing such attacks. The other three logs have a secondary usage.
27. Which of the following provides a secondary source in analyzing inappropriate usage?
a. Authentication server logs
b. E-mail server logs
c. Web server logs
d. File sharing logs
27. a. Authentication server logs are a part of security software logs, whereas all the other logs are examples of application logs. These applications generate highly detailed logs that reflect every user request and response, which provide a primary source in analyzing inappropriate usage. Authentication servers typically log each authentication attempt, including its origin, success or failure, and date and time. Application logs capture data prior to authentication server logs, so the former are a primary source and the latter a secondary source.
28. All the following can make log generation and storage challenging except: