4.3

Question 1

True or False the vulnerability scanner looks for everything

Answer 1

False, looks particularly for signatures

Question 2

List some results that will be part of the vulnerability scan results

Answer 2

Lack of security controls
- No Firewall 
- No antivirus
Misconfigurations
Real vulnerabilites

Question 3

What is SIEM and name some features

Answer 3

Security Information and Event Management
Log aggregation and long-term storage
Data correlation
Forensic analysis

Question 4

These log files track information for switches, routers, access points, and VPN concentrators. What changes do these log files track

Answer 4

Network log files and they track network changes:

• Routing updates
• Authentication issues
• Network security issues

Question 5

System log files gather information for what systems. What type of information do these log files gather

Answer 5

Operating system

• Extensive logs
• File system information
• Authentication details

Question 6

True or False application log files are specific to the application. List the places you would find these files on MacOS, Linux, and Windows

Answer 6

True
Windows - Event viewer/Application Log
Linux & MacOS - /var/log

Question 7

What is some log information associated with security log files

Answer 7

Blocked and allowed traffic flows
Exploit attempts
Blocked URL categories
DNS sinkhole

Question 8

Web log files capture what type of information

Answer 8

Access errors
Exploit attempts
Server activity

Question 9

These log files allow a user to view lookup requests, IP address of the request, Identify queries to known bad URLs, block or modify known bad requests

Answer 9

DNS log files

Question 10

Define the purpose of Authentication log files

Answer 10

Identifies who logged in (or didn’t)
Identify multiple failures
Correlate with other events
- File transfers for example

Question 11

True or False dump files store some of the content of memory into a diagnostic file

Answer 11

False dump files store all contents of memory into a diagnostic file

Question 12

These logs allow you to look at -Inbound and outbound call info

• Security information
• SIP traffic logs

Answer 12

VoIP and Call Manager logs

Question 13

This log management system is standard for messaging logs

Answer 13

Syslog

Question 14

Name some properties on a Syslog

Answer 14

Usually a central logging receiver
Each log is entry is labeled
Syslog daemon options

Question 15

What does Journalctl allow a user to do

Answer 15

provides a method for querying the system journal

Question 16

What do Bandwidth monitors do

Answer 16

They identify percentage of network use over time and they also identify fundamental issues

Question 17

What is metadata. Name some examples

Answer 17

Data that describes other data sources
Examples:
- Email header details
- Type of mobile phone and GPS location for a phone

Question 18

What gathers traffic statistics from all traffic flows. Also has a probe that watches and network communication

Answer 18

Netflow

Question 19

What is IPFIX

Answer 19

IP Flow Information Export. Evolved from NetFlow

Question 20

True or False sFlow (Sample Flow) is responsible for all of the actual network traffic

Answer 20

False, it’s partcially responsible and it is usually embedded in switches and routers

Question 21

What does Protocol analyzer output look for

Answer 21

Looks to solve complex application issues. gather packets on the internet, and view detailed traffic information