Which choice below is NOT a security goal of an audit mechanism?

A.
Review employee production output records

B.
Deter perpetrators attempts to bypass the system protection
mechanisms

C.
Review patterns of access to individual objects

D.
Discover when a user assumes a functionality with privileges
greater than his own

Explanation:
The audit mechanism of a computer system has five important
security goals:
1. The audit mechanism must allow the review of patterns of
access to individual objects, access histories of specific processes
and individuals, and the use of the various protection
mechanisms supported by the system and their effectiveness.2
2. Allow discovery of both users and outsiders repeated
attempts to bypass the protection mechanisms.
3. Allow discovery of any use of privileges that may occur when
a user assumes a functionality with privileges greater than his

or her own, i.e., programmer to administrator. In this case,
there may be no bypass of security controls, but nevertheless, a
violation is made possible.
4. Act as a deterrent against perpetrators habitual attempts to
bypass the system protection mechanisms. However, to act as a
deterrent, the perpetrator must be aware of the audit
mechanisms existence and its active use to detect any attempts
to bypass system protection mechanisms.
5. Supply an additional form of user assurance that attempts to
bypass the protection mechanisms that are recorded and
discovered.3 Even if the attempt to bypass the protection
mechanism is successful, the audit trail will still provide assurance
by its ability to aid in assessing the damage done by the violation,
thus improving the systems ability to control the damage.
Source: NCSC-TG-001 AGuide to Understanding Audit in Trusted
Systems [Tan Book], and Gligor, Virgil D., Guidelines for Trusted
Facility Management and Audit, University of Maryland, 1985.