12C - Data Sources (Application and Endpoint logs) Flashcards

1
Q

What is an endpoint log?

A

An endpoint log refers to events monitored by security software running on the host rather than by the OS itself.

2
Q

What types of security software can generate endpoint logs?

A
  • Host-based firewalls
  • Intrusion detection systems
  • Vulnerability scanners
  • Antivirus/antimalware protection suites
3
Q

What is an endpoint protection platform (EPP)?

A

A product that integrates functions like firewalls, intrusion detection, and antivirus into a single solution.

4
Q

What does EDR stand for?

A

Endpoint Detection and Response

5
Q

What does XDR stand for?

A

Extended Detection and Response

6
Q

How can endpoint security tools be integrated with SIEM?

A

Using agent-based software.

7
Q

True or False: Endpoint logs are only monitored by the operating system.

A

False

8
Q

Fill in the blank: Suites that integrate various security functions are often referred to as an _______.

A

endpoint protection platform (EPP)
