Secure Software Lifecycle Professional – CSSLP – Question110

Which of the following types of activities can be audited for security? Each correct answer represents a complete solution. Choose three.

A.
File and object access
B. Data downloading from the Internet
C. Printer access
D. Network logons and logoffs

Correct Answer: ACD

Explanation:

Explanation: The following types of activities can be audited: Network logons and logoffs File access Printer access Remote access service Application usage Network services Auditing is used to track user accounts for file and object access, logon attempts, system shutdown, etc. This enhances the security of the network. Before enabling security auditing, the type of event to be audited should be specified in the audit policy. Auditing is an essential component to maintain the security of deployed systems. Security auditing depends on the criticality of the environment and on the company’s security policy. The security system should be reviewed periodically. Answer: B is incorrect. Data downloading from the Internet cannot be audited.