1.1 Flashcards

1
Q

What is SIEM?

A

Security Information and Event Management

  • Software or a device which allows you to consolidate logs and real-time monitoring data for long-term storage.
  • Usually needs a lot of disk space.
  • Can create reports, send out security alerts, and provide details for forensic analysis.
2
Q

What is a vulnerability scan?

A

Checks for vulnerabilities on your network, but is usually minimally invasive, unlike a penetration test.

  • Runs a scan, identifies systems and security devices.
  • Can test the network from both the inside and the outside.
3
Q

What are some examples of what a vulnerability scan is useful for identifying?

A
  • Lack of security controls, such as no firewall or no AV.
  • Misconfigurations, such as open shares or guest access.
  • Application and service vulnerabilities
  • Finds unknown devices on the network
4
Q

What is Syslog?

A

A standardized way to transfer log information from a variety of different devices to a centralized log receiver, often a SIEM.

5
Q

What is a MIB?

A

Management Information Base

  • A database of data used for SNMP.
  • MIB-II is the standardized database that most devices use.
  • Proprietary MIBs also exist. A MIB for a specific device can be provided to an SNMP system so it knows how to read that device’s SNMP metrics.
6
Q

What is IPSec?

A

Internet Protocol Security

  • A remote access protocol.
  • One of the most popular. Implementations from different vendors can be used together.
  • Commonly used for Site-to-Site VPNs.
  • Provides security at OSI Layer 3 (network)
  • Authenticates and encrypts every packet.
7
Q

What is an SSL VPN?

A
  • Commonly used for end-user / client-to-site VPN access.
  • Uses the common SSL/TLS protocol (tcp/443), which is typically allowed through firewalls without requiring additional configuration.
  • Uses software or clients built into the OS.
8
Q

What is a DTLS VPN?

A

Datagram Transport Layer Security

  • Provides the security of SSL/TLS, but the speed of datagrams.
  • Transport uses UDP instead of TCP.
  • Useful for streaming and VoIP.
9
Q

What is Out-of-band management?

A
  • Allows access to a device without using the external network.
  • Usually a separate management interface, often a serial or USB connection.
  • A modem could be connected to that interface to allow remote access to the device over phone lines.
10
Q

What is a Console Router?

A

Out-of-band access for multiple devices.

  • Connected to a modem to allow dial-in remote access.
  • Multiple out-of-band management interfaces are connected to the Console Router to allow access.
  • Also known as a Comm Server