Detective/Technical measures:

A.
include intrusion detection systems and automatically-generated violation reports from audit trail
information.

B.
do not include intrusion detection systems and automatically-generated violation reports from audit trail
information.

C.
include intrusion detection systems but do not include automatically-generated violation reports from audittrail information.

D.
include intrusion detection systems and customized-generated violation reports from audit trail information.

Explanation:
The detective/technical control measures are intended to reveal the violations of security policy using technical
means. These measures include intrusion detection systems and automatically-generated violation reports from
audit trail information. These reports can indicate variations from “normal” operation or detect known signatures
of unauthorized access episodes.
Incorrect Answers:
B: Detective/Technical measures DO include intrusion detection systems and automatically-generated violation
reports from audit trail information.
C: Detective/Technical measures DO include automatically-generated violation reports from audit trail
information.
D: Detective/Technical measures include automatically-generated violation reports, not customized-generated
violation reports from audit trail information.

Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley
Publishing, Indianapolis, 2007, p. 50