4.3 Incident Investigation Flashcards

1
Q

Syslog

A

Syslog is a centralized log management solution. By looking through the logs on the Syslog server, the technician could determine which service failed on which server, since the logs from all of the network devices and servers are retained on the Syslog server.
2
Q

Network Mapping

A

Network mapping is conducted using active and passive scanning techniques and could help determine which server was offline, but not what caused the interruption.
3
Q

Firewall Logs

A

Firewall logs help determine why the network connectivity between a host and a destination may have been disrupted.
4
Q

NIDS

A

A network intrusion detection system (NIDS) is used to detect hacking activities, denial-of-service attacks, and port scans on a computer network. It is unlikely to provide the details needed to identify why the network service was interrupted.
5
Q

Which of the following IP addresses in the firewall logs would indicate a connection attempt from an external source?

  1. 15.1.100
  2. 186.1.100
  3. 16.1.100
  4. 168.1.100
A

The key is to determine whether an IP address is a publicly routable IP (external connection) or a private IP (internal connection). During your CompTIA A+, Network+, and Security+ studies, you should have learned that private IP addresses are either 10.x.x.x, 172.16-31.x.x, or 192.168.x.x. All other IP addresses are considered publicly routable over the internet (except localhost and APIPA addresses). Therefore, the answer must be 192.186.1.100, since it is not a private IP address.