4.9 Flashcards

1
Q

Packet Captures

A

Used to capture and analyze network traffic

2
Q

What types of logs are there?

A

Firewall, app, endpoint, OS-specific, IPS and IDS, network

3
Q

SIEM

A

security info and event monitoring system
Real-time analysis of security alerts from applications and network hardware
■ Combination of different data sources into one tool
■ Provides a consolidated view of network activity
■ Allows for trend analysis, alert creation, and correlation of data

4
Q

Log files

A

Records events and messages in operating systems, software, and network
devices
■ Includes network, system, application, security, web, DNS, authentication, dump
files, VoIP, and call managers

5
Q

Syslog, Rsyslog, Syslog-ng

A

■ Tools for centralizing log data from different systems into a repository
■ Commonly used to feed data into SIEM

6
Q

Journalctl

A

Linux command-line utility for querying and displaying logs from the Journal
Daemon (SystemD’s logging service)

7
Q

nxlog

A

Multi-platform, open-source log management tool
■ Identifies security risks and analyzes logs from server, OS, and applications

8
Q

netflow

A

Network protocol for collecting active IP network traffic data
■ Provides information on source, destination, volume, and path

9
Q

sFlow

A

sampled flow
Open-source alternative to NetFlow
■ Exports truncated packets and interface counters for network monitoring

10
Q

IPFix

A

(Internet Protocol Flow Information Export)
■ Universal standard for exporting IP flow information
■ Used for mediation, accounting, and billing by defining data format for exporters
and collectors

11
Q

MD5/SHA256 Checksum

A

Serves as unique digital fingerprint for file identification, including potential
malware
