CSSLP Question #114: Real Exam Question with Answer & Explanation

The correct answer is A: File and object access. For security auditing, common activities to monitor include access to files and other system objects, printer usage, and network logon/logoff events. These provide crucial logs for detecting unauthorized activity and maintaining an audit trail.

Secure Software Deployment, Operations, Maintenance

Question

Which of the following types of activities can be audited for security? Each correct answer represents a complete solution. Choose three.

Options

AFile and object access
BData downloading from the Internet
CPrinter access
DNetwork logons and logoffs

Explanation

For security auditing, common activities to monitor include access to files and other system objects, printer usage, and network logon/logoff events. These provide crucial logs for detecting unauthorized activity and maintaining an audit trail.

Common mistakes.

B. While data downloading from the Internet can be monitored by network devices, it is generally categorized as network traffic monitoring or content filtering rather than a specific 'security auditing activity' in the same vein as system-level event logging of access to resources or authentication.

Concept tested. Security auditing and logging targets

Reference. https://learn.microsoft.com/en-us/windows/security/threat-protection/auditing/audit-security-policy-settings

Topics

#Security Auditing#Logging#Access Control#Security Monitoring

Community Discussion

No community discussion yet for this question.

Full CSSLP Practice Browse All CSSLP Questions