Violating Clipping Levels for Enhanced Tracking and Analysis | SSCP Exam Prep

Violating Clipping Levels


Question

In what way can violation clipping levels assist in violation tracking and analysis?

Answers

Explanations


A.

Companies can set predefined thresholds for the number of certain types of errors that will be allowed before the activity is considered suspicious.

The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.

This baseline is referred to as a clipping level.
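The threshold behaviour described above, as an added example that is not part of the original page: every violation is written to the audit trail, and an alarm is raised only when a user's count of one violation type exceeds its clipping level. The levels, the 10-minute window, the event format and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed clipping levels: violations tolerated per user within WINDOW.
CLIPPING_LEVELS = {"failed_login": 3, "access_denied": 5}
WINDOW = timedelta(minutes=10)

# Constructed sample events: (ISO timestamp, user, violation type).
SAMPLE_EVENTS = [
    ("2024-01-01T09:00:00", "alice", "failed_login"),
    ("2024-01-01T09:00:20", "bob", "failed_login"),
    ("2024-01-01T09:01:00", "bob", "failed_login"),
    ("2024-01-01T09:01:30", "bob", "failed_login"),
    ("2024-01-01T09:02:00", "bob", "failed_login"),
    ("2024-01-01T09:02:10", "bob", "failed_login"),
    ("2024-01-01T09:30:00", "alice", "failed_login"),
    ("2024-01-01T09:31:00", "carol", "access_denied"),
]


def analyze(events, levels=CLIPPING_LEVELS, window=WINDOW):
    """Return (audit_trail, alarms). Every event is recorded; an alarm is
    raised once when a user's count in the window first exceeds the level."""
    audit_trail, alarms = [], []
    recent = defaultdict(deque)   # (user, kind) -> timestamps inside window
    alarmed = set()               # keys currently above their clipping level
    for ts_text, user, kind in sorted(events):
        ts = datetime.fromisoformat(ts_text)
        audit_trail.append((ts_text, user, kind))  # always recorded
        level = levels.get(kind)
        if level is None:
            continue  # no clipping level defined for this type
        key = (user, kind)
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()  # drop events that aged out of the window
        if len(q) > level:
            if key not in alarmed:
                alarmed.add(key)
                alarms.append((ts_text, user, kind, len(q)))
        else:
            alarmed.discard(key)  # back under the level: re-arm the alarm
    return audit_trail, alarms


if __name__ == "__main__":
    trail, alarms = analyze(SAMPLE_EVENTS)
    print(f"{len(trail)} events recorded; alarms: {alarms}")
```

In the sample data, bob's fourth failed login within the window crosses the assumed level of 3, while alice's two failures 30 minutes apart never do.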

The following are incorrect answers:

Clipping levels enable a security administrator to customize the audit trail to record only those violations which are deemed to be security relevant.

This is not the best answer. You would not record ONLY security-relevant violations; all violations would be recorded, as well as all actions performed by authorized users which may not trigger a violation. This could allow you to identify abnormal activities or fraud after the fact.

Clipping levels enable the security administrator to customize the audit trail to record only actions for users with access to user accounts with a privileged status.

It could record all security violations whether the user is a normal user or a privileged user.

Clipping levels enable a security administrator to view all reductions in security levels which have been made to user accounts which have incurred violations.

The keyword "ALL" makes this question wrong. It may detect SOME but not all violations. For example, application-level attacks may not be detected.

Reference(s) used for this question: Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 1239). McGraw-Hill. Kindle Edition. and TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.

Violation clipping levels are a security mechanism that allows the security administrator to define the level of sensitivity for different types of security violations. By setting a clipping level, the administrator can determine what kind of security violations are important enough to be tracked and analyzed, and which ones can be ignored. This mechanism helps the administrator to manage and prioritize security incidents, and to focus on the most important security threats.

Option A suggests that clipping levels can be used to set a baseline for normal user errors. This is partially true, as clipping levels can be set to record certain types of events, including those that fall below the normal baseline. However, the purpose of violation clipping levels is not to set a baseline for acceptable errors, but rather to help identify events that may pose a security risk.

Option B is the correct answer. Clipping levels allow the administrator to customize the audit trail to record only those violations that are deemed to be security-relevant. This means that the administrator can define which events should be recorded in the audit trail, and which ones can be ignored. This is particularly useful in large organizations where there may be a high volume of security events, as it enables the administrator to focus on the most critical events.

Option C is not accurate. Clipping levels do not enable the administrator to customize the audit trail to record only actions for users with privileged access. Instead, they allow the administrator to define which security events should be recorded in the audit trail.

Option D is also not accurate. Clipping levels do not enable the administrator to view all reductions in security levels made to user accounts that have incurred violations. Instead, they allow the administrator to focus on the security events that are most relevant to their organization, and to prioritize their response accordingly.

In summary, violation clipping levels are a useful security mechanism that enables the administrator to define which security events should be recorded in the audit trail, and to prioritize their response accordingly. This helps the administrator to manage and mitigate security risks, and to focus on the most critical events.