Which of the following is needed for System Accountability?
A.
Audit mechanisms.
B.
Documented design as laid out in the Common Criteria.
C.
Authorization.
D.
Formal verification of system design.
Explanation:
Accountability is the ability to identify users and to be able to track user actions. Through the use of audit logs
and other tools the user actions are recorded and can be used at a later date to verify what actions were
performed.
Incorrect Answers:
B: Common Criteria is an international standard to evaluate trust and would not be a factor in System
Accountability.
C: Authorization is granting access to subjects, just because you have authorization does not hold the subject
accountable for their actions.D: Formal verification involves Validating and testing highly trusted systems. It does not, however, involve
System Accountability.Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 203, 248-250, 402.
What kind of question is this? What is needed for System Accountability? Unique ID is needed. The question should ask (depending on answers given) what mechanism can DETECT the system accountability?