Here are the answers to the questions in Chapter 3:
The best way to understand the security configuration of an operating system is to
Consult the vendor's installation manuals
Review the security plan for the system
Interview the systems programmer who installed the software
Review the system-generated configuration parameters
The correct answer is D, review the actual parameters generated from a direct query of the system. The system programmers (C) and the security plan (B) may give you information about the point in time when the system was installed, but patches and modification since that time may have significantly changed the current security since then. The vendor's manual (A) will explain what your options are and may even recommend settings, but they have no bearing on the actual set up.
What three things are the most important security controls that should be present when reviewing an operating systems security?
The code comes from a trusted source.
Audit logging is turned on.
Unnecessary services are turned off.
The default passwords are changed.
Systems administrators do not have any more access than they need to in order to perform their job.
I, II, and III
III, IV, and V
I, III, and IV
I, II, and IV
The correct answer is C. Audit logging does need to be turned on (II), but this is only effective when a process is in place to monitor and react to the logs. Systems administrators (V) should use their ...