Answers to Questions 76-80

76. Which of the following should NOT be logged for performance problems?

A. CPU load.
B. Percentage of idle time.
C. Percentage of use.
D. No Answer is Correct

Explanation: The level of logging will be according to your company requirements. Below is a list of items that could be logged; please note that some of the items may not be applicable to all operating systems. What is being logged depends on whether you are looking for performance problems or security problems. However, you have to be careful about performance problems that could affect your security.

Section 1.7: Auditing & Section 5.9.4: Logs and Inventories

77. Which of the following should be logged for security problems?

A. Use of mount command.
B. Percentage of idle time.
C. Percentage of use.
D. No Answer is Correct

Explanation: The level of logging will be according to your company requirements. Below is a list of items that could be logged; please note that some of the items may not be applicable to all operating systems. What is being logged depends on whether you are looking for performance problems or security problems. However, you have to be careful about performance problems that could affect your security. Percentage of idle time and percentage of use might be useful in capacity planning, in which you determine what computing resources you will need to handle future needs, but they are not generally related to security problems.

Section 1.7: Auditing & Section 5.9.4: Logs and Inventories

78. Which of the following services should be logged for security purposes?

A. bootp
B. tftp
C. sunrpc
D. No Answer is Correct

Explanation: Requests for the following services should be logged on all systems: systat, bootp, tftp, sunrpc, snmp, snmp-trap, nfs. This list is rather UNIX-centric; nevertheless, it's possible for many of those services to be running on Windows as well (if you're running them, log them!).

Section 1.7: Auditing & Section 5.9.4: Logs and Inventories

79. The activity that consists of collecting information that will be used for monitoring is called:

A. Logging
B. Troubleshooting
C. Auditing
D. Inspecting

Explanation: Logging is the activity that consists of collecting information that will be used for monitoring and auditing. Detailed logs combined with active monitoring allow detection of security issues before they negatively affect your systems. Troubleshooting is the activity of collecting information used for diagnosing a system or network problem, not for monitoring. Auditing is the review of logs, configuration information, etc. for reasons including verifying compliance with security policies and identifying potential issues. Inspecting is also a review of existing information, hardware or software.

Section 1.7: Auditing & Section 5.9.4: Logs and Inventories

80. How often should logging be performed?

A. Always
B. Once a day
C. Once every week
D. During maintenance

Explanation: Usually logging is done 24 hours per day, 7 days per week, on all available systems and services except during the maintenance window where some of the systems and services may not be available while maintenance is being performed. If you only perform logging at certain times, then any activities taking place at other times won't be logged, and can't be used for auditing or forensic activities at a later date. This makes your network more vulnerable to undetected intrusions and thus a more attractive target for attackers.

Section 1.7: Auditing & Section 5.9.4: Logs and Inventories

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.