154 Chapter 7 ■ Security Operations (Domain 7)
10. Jim would like to identify compromised systems on his network that may be participating in a botnet. He plans to do this by watching for connections made to known command-and-control servers. Which one of the following techniques would be most likely to provide this information if Jim has access to a list of known servers?
A. Netflow records
B. IDS logs
C. Authentication logs
D. RFC logs
For questions 11–14, please refer to the following scenario:
Gary was recently hired as the first chief information security officer (CISO) for a local government agency. The agency recently suffered a security breach and is attempting to build a new information security program. Gary would like to apply some best practices for security operations as he is designing this program.
11. As Gary decides what access permissions he should grant to each user, what principle should guide his decisions about default permissions?
A. Separation of duties
B. Least privilege
C. Aggregation
D. Separation of privileges
12. As Gary designs the program, he uses the matrix shown here. What principle of information security does this matrix most directly help enforce?
[Figure: a Roles/Tasks matrix with the same nine entries on both axes (Application Programmer, Security Administrator, Database Administrator, Database Server Administrator, Budget Analyst, Accounts Receivable, Accounts Payable, Deploy Patches, Verify Patches); cells marked with an X are labeled "Potential Areas of Conflict".]
A. Segregation of duties
B. Aggregation
C. Two-person control
D. Defense in depth