Читаем CISSP Practice полностью

a. Distributed nature of logs

b. Log management utility software

c. Inconsistent log formats

d. Volume of logs

28. b. The distributed nature of logs, inconsistent log formats, and volume of logs all make the management of log generation and storage challenging. For example, inconsistent log formats present challenges to people reviewing logs. A single standard format is preferred. Log management utility software may fail or mishandle the log data when an attacker provides binary data as input to a program that is expecting text data. The problem with the log management utility software is not as challenging as with the other three choices.

29. Which of the following solutions to overcome log management challenges address both peak and expected volumes of log data?

a. Prioritize log management function.

b. Establish policies and procedures for log management.

c. Maintain a secure log management infrastructure.

d. Provide training for all staff with log management responsibilities.

29. c. It is critical to create and maintain a secure log management infrastructure robust enough to handle not only expected volumes of log data, but also peak volumes during extreme situations, such as widespread malware incident, penetration testing, and vulnerability scans. The other three choices do not handle peak and expected volumes of log data.

30. Which of the following are the major reasons for reduced volume of logs?

1. Log analysis is a low-priority task.

2. Logs are analyzed in a batch mode.

3. Log analysis is treated as reactive.

4. Log analysis is not cost-effective.

a. 1 and 2

b. 2 and 3

c. 1, 2, and 3

d. 1, 2, 3, and 4

30. d. Log analysis has often been treated as a low-priority task by system or security administrators and management alike. Administrators often do not receive training on doing it efficiently and effectively. Administrators consider log analysis work to be boring and providing little benefit for the amount of time required. Log analysis is often treated as reactive rather than proactive. Most logs have been analyzed in a batch mode, not in a real-time or near-real-time manner.

31. Which of the following Organization for Economic Co-Operation and Development’s (OECD’s) principles state that information systems and the requirements for its security change over time?

a. Proportionality

b. Integration

c. Reassessment

d. Timeliness

31. c. The reassessment principle of OECD states that the security of information system should be reassessed periodically, as information systems and the requirements for its security vary over time.

32. Routine log analysis is beneficial for which of the following reasons?

1. Identifying security incidents

2. Identifying policy violations

3. Identifying fraudulent activities

4. Identifying operational problems

a. 1 only

b. 3 only

c. 4 only

d. 1, 2, 3, and 4

32. d. Routine log analysis is beneficial for identifying security incidents, policy violations, fraudulent activities, and operational problems.

33. Which of the following is not one of the log management infrastructure tiers?

a. Log generation

b. Decentralized log storage

c. Centralized log consolidation and storage

d. Centralized log monitoring

33. b. Log management infrastructure typically uses the following three tiers, such as log generation, centralized log consolidation and storage, and centralized log monitoring. Decentralized log storage is not one of the three tiers, but eventually transferred to the centralized log consolidation and storage.

34. Regarding log management infrastructure functions, log viewers provide which of the following capabilities?

1. Log filtering

2. Log aggregation

3. Log normalization

4. Log correlation

a. 1 and 2

b. 2 and 3

c. 3 and 4

d. 1, 2, 3, and 4

34. a. Log viewing is displaying log entries in a human-readable format. Some log viewers provide filtering and aggregation capabilities, and cannot provide log normalization and log correlation capabilities.

35. Which one of the following log management functions includes other functions?

a. Log filtering

b. Log aggregation

c. Log correlation

d. Log parsing