  1. EC Council #1 fan colemic's Avatar
    Join Date
    Apr 2010
    Location
    Tejas, Baby!
    Posts
    1,531

    Certifications
    CISSP, CISA, GIAC 2700, MCSE:Security, CEH, CHFI, CCNA:Security, CCENT, Sec+, Net+, ITIL v3 Foundations
    #1

    Default CISA study question confusion...

    OK, call me crazy... but is the explanation given correct?

    Which of the following controls would BEST detect intrusion?

    a) User IDs and user privileges are granted through authorized procedures.

    b) Automatic logoff is used when a workstation is inactive for a particular period of time.

    c) Automatic logoff of the system occurs after a specified number of unsuccessful attempts.

    d) Unsuccessful logon attempts are monitored by the security administrator.

    'correct' answer: D?


    Intrusion is detected by the active monitoring and review of unsuccessful logons. User IDs and the granting of user privileges define a policy, not a control. Automatic logoff is a method of preventing access on inactive terminals and is not a detective control. Unsuccessful attempts to log on are a method for preventing intrusion, not detecting.


    Doesn't the part of the explanation I bolded above directly contradict 'd' being the correct answer?



    Discuss amongst yourselves...




  3. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,596
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #2
    It's a copy-and-paste error. The last sentence should start, "Automatic logoff of the system is..." and not, "Unsuccessful attempts to log on are..."

    Always consider the possibility of typos and generally poor (or no) editing.
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray

  4. EC Council #1 fan colemic's Avatar
    #3
    Thanks... here's another gem from the ISACA study material:

    Which of the following is MOST critical for the successful implementation and maintenance of a security policy?
    A. Assimilation of the framework and intent of a written security policy by all appropriate parties
    B. Management support and approval for the implementation and maintenance of a security policy
    C. Enforcement of security rules by providing punitive actions for any violation of security rules
    D. Stringent implementation, monitoring and enforcing of rules by the security officer through access control software

    The correct answer is A.
    Assimilation of the framework and intent of a written security policy by the users of the system is critical to the successful implementation and maintenance of the security policy. A good password system may exist, but if the users of the system keep passwords written on their desk, the password is of little value. Management support and commitment is, no doubt, important, but for successful implementation and maintenance of a security policy, educating the users on the importance of security is paramount. The stringent implementation, monitoring and enforcing of rules by the security officer through access control software, and provision for punitive actions for violation of security rules, is also required, along with the user's education on the importance of security.

    That's the first time I have ever heard that senior leadership buy-in is not the most critical aspect.

  5. Certification Invigilator Forum Admin JDMurray's Avatar
    #4
    I'm guessing for management support to be obtained "assimilation" must be successful first. I dislike the use of the word "assimilation." That's really ambiguous.

  6. EC Council #1 fan colemic's Avatar
    #5
    ...but if management doesn't buy in and support the policies, then they won't be implemented.

    I am super disappointed at the quality and hairsplitting of the ISACA study materials (not to mention the totally outrageous cost!). Those were just the two that I found last night.

  7. Certification Invigilator Forum Admin JDMurray's Avatar
    #6
    Originally posted by colemic:
    ...but if management doesn't buy in and support the policies, then they won't be implemented.

    As I said, management can't "buy in" if they can't "assimilate" (i.e., don't understand) what they are supposed to buy in to first.

  8. Junior Member
    Join Date
    Aug 2010
    Location
    Planet Earth
    Posts
    18

    Certifications
    CISM, CISA, CCNA, ACRC, MCSE, CCSA, CCIE
    #7
    One of the secrets in passing CISA successfully is to clearly understand how ISACA thinks and expects you to in the exam. I do not see any issues with both the questions.

  9. Senior Member
    Join Date
    Apr 2011
    Location
    San Antonio, TX
    Posts
    1,727

    Certifications
    [Reserved]
    #8
    First question was about BEST detecting intrusion. Only the D choice does that. Nothing else really monitors anything. Intrusion detection requires something to occur, and something to respond to that occurring.

    second question was about MOST critical for successful
    While it can be argued that management approval is usually recommended for everything security related, that would have been a good answer, except for this: the other choice said ALL parties, which meant everyone would participate. As we all know that security is not any stronger than its weakest link, getting everyone on board would be MOST critical, as "ALL" would have to include Management also, whereas only Management would exclude the workers who would be subject to the policy.

    As you have a CISSP, and have other security experience, then you are correct that Management's approval is a very critical factor for accomplishing most anything security related. (It's a "theme" you develop, as you read the material, LOL.) But, you must also agree that, logically, "All" includes both management and the end user community.

    I think this question was posed to make you think, and make sure to choose the "BEST" answer.

    Like JDMurray, that term "assimilate" bothers me. Makes me think of the "Borg".

    Is that how the term is phrased in your corresponding preparation materials: "assimilate"?
    Last edited by instant000; 04-15-2011 at 02:41 PM. Reason: MurrAy, not Murry
    Currently Working: CCIE R&S
    LinkedIn: http://www.linkedin.com/in/lewislampkin (Please connect: Just say you're from TechExams.Net!)

  10. EC Council #1 fan colemic's Avatar
    #9
    Originally posted by instant000:
    First question was about BEST detecting intrusion. Only the D choice does that. Nothing else really monitors anything. Intrusion detection requires something to occur, and something to respond to that occurring.

    second question was about MOST critical for successful
    While it can be argued that management approval is usually recommended for everything security related, that would have been a good answer, except for this: the other choice said ALL parties, which meant everyone would participate. As we all know that security is not any stronger than its weakest link, getting everyone on board would be MOST critical, as "ALL" would have to include Management also, whereas only Management would exclude the workers who would be subject to the policy.

    As you have a CISSP, and have other security experience, then you are correct that Management's approval is a very critical factor for accomplishing most anything security related. (It's a "theme" you develop, as you read the material, LOL.) But, you must also agree that, logically, "All" includes both management and the end user community.

    I think this question was posed to make you think, and make sure to choose the "BEST" answer.

    Like JDMurray, that term "assimilate" bothers me. Makes me think of the "Borg".

    Is that how the term is phrased in your corresponding preparation materials: "assimilate"?

    I haven't referenced it back to the study guide yet, it was a practice test question. As for your first point - what tripped me up was what JD pointed out, that it appears to be a typographical error. My head was hurting trying to wrap around what they actually meant. As for the 2nd question - I still contend that B is correct as the question is written - it references 'approval for implementation,' which logically would come before integration (unless someone just insists on calling it assimilation). Redmond - I agree with you, it's just hard to 'unlearn' a lot of concepts.