Systems Security Certified Practitioner – SSCP – Question0461 - Systems Security Certified Practitioner

Which of the following is most likely to be useful in detecting intrusions?

A. Access control lists
B. Security labels
C. Audit trails
D. Information security policies

Correct Answer: C

Explanation:

If audit trails have been properly defined and implemented, they will record information that can assist in detecting intrusions. Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, Chapter 4: Access Control (page 186).