PrepAway - Latest Free Exam Questions & Answers

Which choice below is the BEST description of an audit trail?

A. Audit trails are used to detect penetration of a computer system and to reveal usage that identifies misuse.

B. An audit trail is a device that permits simultaneous data processing of two or more security levels without risk of compromise.

C. An audit trail mediates all access to objects within the network by subjects within the network.

D. Audit trails are used to prevent access to sensitive systems by unauthorized personnel.

Explanation:
An audit trail is a set of records that collectively provide documentary evidence of processing, used to aid in tracing from original transactions forward to related records and reports, and/or backward from records and reports to their component source transactions. Audit trails may be limited to specific events or may encompass all of the activities on a system.

User audit trails can usually log:
- All commands directly initiated by the user
- All identification and authentication attempts
- Files and resources accessed

It is most useful if the options and parameters of commands are also recorded. It is much more useful to know that a user tried to delete a log file (e.g., to hide unauthorized actions) than to know the user merely issued the delete command, possibly for a personal data file.
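The point about recording command parameters, shown as an added example that is not part of the original page: the same constructed audit records are read once by command name only and once with their arguments. The sample records, the set of delete-type commands and the /var/log log root are assumptions made for illustration.

```python
import posixpath
import shlex
from pathlib import PurePosixPath

# Constructed sample audit records (user, command line as typed); not from the page.
SAMPLE_TRAIL = [
    ("alice", "rm /home/alice/notes.txt"),
    ("bob", "rm -f /var/log/auth.log"),
    ("bob", "ls -l /var/log"),
    ("carol", "shred -u /var/log/audit/audit.log.1"),
    ("dave", "rm '/home/dave/my log.txt'"),
    ("erin", "rm -- /home/erin/../../var/log/wtmp"),
]
DELETE_COMMANDS = {"rm", "unlink", "shred"}  # assumption: delete-type commands
LOG_ROOT = PurePosixPath("/var/log")         # assumption: where log files live

def operands(argv):
    """Return non-option arguments, honouring the '--' end-of-options marker."""
    out, opts_done = [], False
    for arg in argv[1:]:
        if not opts_done and arg == "--":
            opts_done = True
        elif opts_done or not arg.startswith("-"):
            out.append(arg)
    return out

def command_only_view(trail):
    """What a trail without parameters shows: who issued a delete command."""
    view = []
    for user, line in trail:
        argv = shlex.split(line)
        if argv and argv[0] in DELETE_COMMANDS:
            view.append((user, argv[0]))
    return view

def log_deletion_attempts(trail):
    """With parameters recorded: deletes whose target lies under LOG_ROOT."""
    hits = []
    for user, line in trail:
        argv = shlex.split(line)
        if not argv or argv[0] not in DELETE_COMMANDS:
            continue
        for target in operands(argv):
            # Collapse '..' segments so an indirect path to a log file still matches.
            path = PurePosixPath(posixpath.normpath(target))
            if path == LOG_ROOT or LOG_ROOT in path.parents:
                hits.append((user, argv[0], str(path)))
    return hits
```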
* Answer “An audit trail is a device that permits simultaneous data processing of two or more security levels without risk of compromise.” is a description of a multilevel device. A multilevel device is a device that is used in a manner that permits it to process data of two or more security levels simultaneously without risk of compromise. To accomplish this, sensitivity labels are normally stored on the same physical medium and in the same form (i.e., machine-readable or human-readable) as the data being processed.
* Answer “An audit trail mediates all access to objects within the network by subjects within the network.” refers to a network reference monitor, an access control concept that refers to an abstract machine that mediates all access to objects within the network by subjects within the network.
* Answer “Audit trails are used to prevent access to sensitive systems by unauthorized personnel.” is incorrect, because audit trails are detective, and the answer describes a preventative process, access control.

Source: NCSC-TG-001 A Guide to Understanding Audit in Trusted Systems and DoD 5200.28-STD Department of Defense Trusted Computer System Evaluation Criteria.

