1.1 Flashcards
1
Q
What is SIEM?
A
Security Information and Event Management
- Software or a device which allows you to consolidate logs and real-time monitoring data for long-term storage.
- Usually needs a lot of disk space.
- Can create reports, send out security alerts, and provide details for forensic analysis.
2
Q
What is a vulnerability scan?
A
Checks for vulnerabilities on your network, but is usually minimally invasive, unlike a penetration test.
- Runs a scan, identifies systems and security devices.
- Can test the network from both the inside and the outside.
3
Q
What are some examples of what a vulnerability scan is useful for identifying?
A
- Lack of security controls, such as no firewall or no AV.
- Misconfigurations, such as open shares or guest access.
- Application and service vulnerabilities
- Finds unknown devices on the network
4
Q
What is Syslog?
A
A standardized way to transfer log information from a variety of different devices to a centralized log receiver, often a SIEM.
5
Q
What is a MIB?
A
Management Information Base
- A database of data used for SNMP.
- MIB-II is the standardized database that most devices use.
- Proprietary MIBs also exist. A MIB for a specific device can be provided to an SNMP system so it knows how to read that device’s SNMP metrics.
6
Q
What is IPSec?
A
Internet Protocol Security
- A remote access protocol.
- One of the most popular. Implementations from different vendors can be used together.
- Commonly used for Site-to-Site VPNs.
- Provides security at OSI Layer 3 (network)
- Authenticates and encrypts every packet.
7
Q
What is an SSL VPN?
A
- Commonly used for end-user / client-to-site VPN access.
- Uses the common SSL/TLS protocol (tcp/443), which is typically allowed through firewalls without requiring additional configuration.
- Uses software or clients built into the OS.
8
Q
What is a DTLS VPN?
A
Datagram Transport Layer Security
- Provides the security of SSL/TLS, but the speed of datagrams.
- Transport uses UDP instead of TCP.
- Useful for streaming and VoIP.
9
Q
What is Out-of-band management?
A
- Allows access to a device without using the external network.
- Usually a separate management interface, often a serial or USB connection.
- A modem could be connected to that interface to allow remote access to the device over phone lines.
10
Q
What is a Console Router?
A
Out-of-band access for multiple devices.
- Connected to a modem to allow dial-in remote access.
- Multiple out-of-band management interfaces are connected to the Console Router to allow access.
- Also known as a Comm Server