Tuesday, July 22, 2014

CISSP Exam Preparation (Question 251)

(251) Which of the following is NOT a form of computer/network surveillance?
A. Use of CCTV cameras
B. Use of network sniffers
C. Keyboard monitoring
D. Review of audit logs
CCTV cameras fall under the category of physical surveillance.
Answers a and b are forms of active surveillance. These types of surveillance
require an organizational policy informing the employees that the surveillance is being conducted. Additionally, warning banners describing the surveillance at log-on to a computer or network should be prominently displayed. These banners usually state that by logging on, the user acknowledges the warning and agrees to the monitoring. Answer “Review of audit logs” is a passive form of computer/network surveillance.

- Muhammad Idham Azhari

No comments: