Chapter 6 ■ Security Assessment and Testing (Domain 6) 145
- Jim is designing his organization’s log management systems and knows that he needs to
carefully plan to handle the organization’s log data. Which of the following is not a factor
that Jim should be concerned with?
A. The volume of log data
B. A lack of sufficient log sources
C. Data storage security requirements
D. Network bandwidth - Ken is having difficulty correlating information from different security teams in his
organization. Specifically, he would like to find a way to describe operating systems in a
consistent fashion. What SCAP component can assist him?
A. CVE
B. CPE
C. CWE
D. OVA L - When a Windows system is rebooted, what type of log is generated?
A. Error
B. Warning
C. Information
D. Failure audit
7 7. During a review of access logs, Alex notices that Danielle logged into her workstation in
New York at 8 a.m. daily but that she was recorded as logging into her department’s main
web application shortly after 3 a.m. daily. What common logging issue has Alex likely
encountered?
A. Inconsistent log formatting
B. Modified logs
C. Inconsistent timestamps
D. Multiple log sources
- What type of vulnerability scan accesses configuration information from the systems it
is run against as well as information that can be accessed via services available via the
network?
A. Authenticated scans
B. Web application scans
C. Unauthenticated scans
D. Port scans