Answer the following statements true (T) or false (F)

1. The security administrator must define the set of events that are subject to audit.
2. Event and audit trail analysis software, tools, and interfaces may be used to analyze collected data as well as for investigating data trends and anomalies.
3. According to ISO 27002, the person(s) carrying out the audit should be independent of the activities audited.
4. Data representing behavior that does not trigger an alarm cannot serve as input to intrusion detection analysis.
5. The first order of business in security audit trail design is the selection of data items to capture.




1. True
2. True
3. True
4. False
5. True

Computer Science & Information Technology
