5.3 Monitoring Log Files Flashcards

1
Q

What are the three aspects to proper log management?

A
  1. Ensuring logs are protected, with every change to them recorded in detail so that tampering can be detected.
  2. Storing logs for a sufficient amount of time (retention).
  3. Omitting unnecessary data to avoid excessive and gratuitous logs.

2
Q

When we properly manage our logs, we are able to better analyze and review them regularly, letting us rapidly pinpoint _________, _________, and __________.

A

When we properly manage our logs, we are able to better analyze and review them regularly, letting us rapidly pinpoint threats, regulatory violations, and fraudulent activity.

3
Q

Linux stores all log files in a centralized repository located in _______.

A

Linux stores its log files in a centralized repository located in /var/log.

4
Q

Name the log:

Store events generated by software the user is running, including when it is launched, how long it is in use, when it is closed, etc.

A

Application logs

5
Q

Name the log:

Contain information regarding security-related events, e.g., a user succeeding or failing to log onto a host, or trying to install unauthorized software.

A

Event logs

6
Q

Name the log:

Contain information related to system services such as cron jobs and print jobs.

A

Service logs

7
Q

Name the log:

Contain information regarding system events such as boot messages, kernel errors, or anything related to the system hardware.

A

System log

8
Q

What are the four categories of logs?

A
  1. Application
  2. Event
  3. Service
  4. System
9
Q

_____________ is designed to filter through enormous system logs and return specific results.

A

journalctl is designed to filter through enormous system logs and return specific results.

10
Q

_________ is a daemon that can be used for logging system-wide events and providing information to other tools, but does not provide a reader-friendly display of log information.

A

systemd is a daemon that can be used for logging system-wide events and providing information to other tools, but does not provide a reader-friendly display of log information.

○ Strictly speaking, systemd is the init system and service manager; the component that actually collects the logs is its systemd-journald daemon, which writes a binary journal that is not meant to be read directly. journalctl is the reader-friendly front end to that journal.

11
Q

_________ collects and stores log information in a structured, indexed format.

A

journald collects and stores log information in a structured, indexed format.

○ journald is often referred to as systemd-journald. Its binary journal files live under /var/log/journal when the journal is persistent, or under /run/log/journal (lost at reboot) when it is volatile.

12
Q

_________ allows us to access the __________ journal and filter out desired information.

A

journalctl allows us to access the systemd-journald journal and filter out desired information.

13
Q

What is journalctl syntax?

A

journalctl [OPTIONS...] [MATCHES...]

○ MATCHES are FIELD=VALUE pairs such as _SYSTEMD_UNIT=sshd.service or _PID=1234; options such as -u UNIT, -p PRIORITY, -b (current boot only) and --since/--until narrow the output. Example: journalctl -u sshd -p err --since today

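Added worked example for cards 9 to 13 (this is not part of the flashcards and not code from systemd): it reproduces how journalctl combines its filters, running over a constructed sample shaped like the output of journalctl -o json. The sample entries, unit names and messages are made up for the example.

```python
# Added example, not code from the flashcards or from systemd: emulates how
# journalctl combines MATCHES, -p and -u over entries shaped like its own
# `journalctl -o json` output.  The sample entries below are constructed.
import json

# syslog priority numbers, which journalctl -p accepts by name or number
PRIORITY_NAMES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample: one JSON object per line, the shape `journalctl -o json` prints.
SAMPLE_JOURNAL = """\
{"__REALTIME_TIMESTAMP": "1700000001000000", "PRIORITY": "6", "_SYSTEMD_UNIT": "sshd.service", "SYSLOG_IDENTIFIER": "sshd", "MESSAGE": "Accepted publickey for alice from 10.0.0.5 port 51234"}
{"__REALTIME_TIMESTAMP": "1700000002000000", "PRIORITY": "4", "_SYSTEMD_UNIT": "sshd.service", "SYSLOG_IDENTIFIER": "sshd", "MESSAGE": "Failed password for invalid user admin from 203.0.113.9 port 40000"}
{"__REALTIME_TIMESTAMP": "1700000003000000", "PRIORITY": "3", "_SYSTEMD_UNIT": "cron.service", "SYSLOG_IDENTIFIER": "cron", "MESSAGE": "(root) CMD (/usr/local/bin/backup.sh) failed"}
{"__REALTIME_TIMESTAMP": "1700000004000000", "PRIORITY": "2", "_SYSTEMD_UNIT": "sshd.service", "SYSLOG_IDENTIFIER": "sshd", "MESSAGE": "fatal: unable to bind to port 22"}
{"__REALTIME_TIMESTAMP": "1700000005000000", "PRIORITY": "6", "_TRANSPORT": "kernel", "SYSLOG_IDENTIFIER": "kernel", "MESSAGE": "usb 1-1: new high-speed USB device"}
"""


def parse_journal(text):
    """One entry per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def priority_level(level):
    """Accept 'err', '3' or 3, as journalctl -p does."""
    if isinstance(level, int):
        return level
    return PRIORITY_NAMES.index(level) if level in PRIORITY_NAMES else int(level)


def filter_journal(entries, matches=(), priority=None, unit=None):
    """journalctl semantics:
    - MATCHES are FIELD=VALUE strings; several values for the same field are
      ORed, different fields are ANDed;
    - -p LEVEL keeps PRIORITY <= LEVEL, so `-p err` also returns crit/alert/emerg;
    - -u NAME is shorthand for _SYSTEMD_UNIT=NAME (".service" appended if missing).
    """
    wanted = {}
    for m in matches:
        field, _, value = m.partition("=")
        wanted.setdefault(field, set()).add(value)
    if unit is not None:
        if "." not in unit:
            unit += ".service"
        wanted.setdefault("_SYSTEMD_UNIT", set()).add(unit)
    max_prio = None if priority is None else priority_level(priority)

    kept = []
    for e in entries:
        if any(e.get(field) not in values for field, values in wanted.items()):
            continue
        if max_prio is not None and int(e.get("PRIORITY", 7)) > max_prio:
            continue
        kept.append(e)
    return kept


def messages(entries):
    return [e["MESSAGE"] for e in entries]


if __name__ == "__main__":
    journal = parse_journal(SAMPLE_JOURNAL)
    # equivalent of: journalctl -u sshd -p err
    for line in messages(filter_journal(journal, unit="sshd", priority="err")):
        print(line)
```

The point a practitioner tends to miss is the priority semantics: -p err is a ceiling, not an exact level, so it also returns crit, alert and emerg entries, while two matches on the same field widen the result and matches on different fields narrow it.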
15
Q

________ records log messages from different areas of a Linux system and routes them to the appropriate log in the /var/log directory.

A

rsyslog records log messages from different areas of a Linux system and routes them to the appropriate log in the /var/log directory, according to the rules in /etc/rsyslog.conf and /etc/rsyslog.d/.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Unlike journalctl, rsyslog can ___________________ for individual servers.

A

Unlike journalctl, rsyslog can filter logs based on different priority levels and route them to different destinations, including individual (remote) servers.

○ Caveat: journalctl can also filter by priority when reading (journalctl -p err). The real difference is that rsyslog applies its filters at collection time, in rules of the form `facility.priority  action`, and can write the selected messages to separate files or forward them to another server over the network (@host for UDP, @@host for TCP), which is what makes centralized logging possible.
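
Added worked example for cards 15 and 16 (not part of the flashcards and not rsyslog's own code): it routes constructed syslog messages through a ruleset written in rsyslog's classic facility.priority selector syntax, which is how messages end up in the right file under /var/log or at a remote server. The ruleset, the messages and the host name logserver.example.internal are all made up for the example.

```python
# Added example, not code from the flashcards or from rsyslog: routes
# constructed syslog messages through a ruleset in rsyslog's classic
# `facility.priority  action` selector syntax, the mechanism by which
# rsyslog sends each message to the right file under /var/log or to a
# remote server.
import re

# RFC 3164 facility numbers 0-23 (12-15 are rarely used; labels here follow
# the RFC) and severity numbers 0-7.  PRI = facility * 8 + severity.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "logaudit", "logalert",
              "clock", "local0", "local1", "local2", "local3", "local4",
              "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed ruleset.  A leading "-" on a path only turns off fsync per
# write; @host forwards over UDP and @@host over TCP.
RULESET = """
auth,authpriv.*          /var/log/auth.log
*.*;auth,authpriv.none   -/var/log/syslog
kern.*                   -/var/log/kern.log
cron.*                   /var/log/cron.log
*.err                    @@logserver.example.internal:514
"""

# Constructed messages; the <PRI> header encodes facility and severity.
SAMPLE_MESSAGES = [
    "<38>Nov 14 21:00:01 host sshd[1234]: Accepted publickey for alice",            # auth.info
    "<86>Nov 14 21:00:02 host sudo: bob : TTY=pts/0 ; COMMAND=/bin/bash",            # authpriv.info
    "<3>Nov 14 21:00:03 host kernel: EXT4-fs error (device sda1)",                   # kern.err
    "<78>Nov 14 21:00:04 host CRON[555]: (root) CMD (run-parts /etc/cron.hourly)",   # cron.info
    "<27>Nov 14 21:00:05 host myapp[777]: database connection lost",                 # daemon.err
]


def parse_pri(message):
    """Return (facility, severity) decoded from the <PRI> header."""
    m = re.match(r"<(\d{1,3})>", message)
    if not m:
        raise ValueError("no <PRI> header: %r" % message)
    pri = int(m.group(1))
    return pri // 8, pri % 8


def parse_selector(selector):
    """'auth,authpriv.*' -> (facility numbers, severity test, or None for 'none')."""
    fac_part, _, sev_part = selector.rpartition(".")
    if fac_part == "*":
        facs = set(range(len(FACILITIES)))
    else:
        facs = {FACILITIES.index(f) for f in fac_part.split(",")}
    if sev_part == "*":
        return facs, lambda sev: True
    if sev_part == "none":
        return facs, None
    if sev_part.startswith("="):                      # exactly this level
        level = SEVERITIES.index(sev_part[1:])
        return facs, lambda sev: sev == level
    level = SEVERITIES.index(sev_part)                # this level and anything more severe
    return facs, lambda sev: sev <= level


def parse_ruleset(text):
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selectors, action = line.split(None, 1)
        rules.append(([parse_selector(s) for s in selectors.split(";")], action.strip()))
    return rules


def rule_matches(selectors, facility, severity):
    """Selectors joined by ';' are applied left to right; for a given
    facility the last selector naming it wins, which is how
    `*.*;auth,authpriv.none` keeps auth messages out of /var/log/syslog."""
    matched = False
    for facs, test in selectors:
        if facility in facs:
            matched = False if test is None else test(severity)
    return matched


def route(messages, rules):
    """Map each destination to the messages rsyslog would deliver there."""
    routed = {}
    for msg in messages:
        facility, severity = parse_pri(msg)
        for selectors, action in rules:
            if rule_matches(selectors, facility, severity):
                routed.setdefault(action.lstrip("-"), []).append(msg)
    return routed


if __name__ == "__main__":
    for dest, msgs in route(SAMPLE_MESSAGES, parse_ruleset(RULESET)).items():
        print("%-40s %d message(s)" % (dest, len(msgs)))
```

Two things the example makes visible: a message can be delivered to several destinations (the kernel error lands in syslog, kern.log and on the remote server), and a plain `level` selector means "this level and more severe", so `*.err` forwards crit, alert and emerg messages as well.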

17
Q

__________ is the process of archiving a log once it reaches a specific size or a point in a set schedule, and rotating it out with a new, empty log.

A

Log rotation is the process of archiving a log once it reaches a specific size or a point in a set schedule, and rotating it out with a new, empty log. On Linux this is normally done by logrotate, which typically also compresses the archived copies and deletes them once a configured number has accumulated.
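
Added worked example for card 17 (not part of the flashcards and not logrotate's own code): a minimal size-triggered rotation with compression and a retention count, plus the copytruncate variant, run in a temporary directory. It also shows the failure mode a practitioner runs into: a daemon that keeps its log open across a rename keeps writing to the old file. The log name app.log, the byte thresholds and the "event N" lines are made up for the example.

```python
# Added example, not code from the flashcards or from logrotate: a minimal
# size-triggered rotation with gzip compression and a retention count, plus
# logrotate's copytruncate variant, run in a temporary directory so it is
# safe to execute anywhere.  Scheme for keep=2:
#   app.log -> app.log.1.gz, app.log.1.gz -> app.log.2.gz, older copies deleted.
import gzip
import os
import shutil
import tempfile


def rotate(path, max_bytes, keep, copytruncate=False):
    """Rotate `path` once it reaches max_bytes; return True if rotated."""
    if not os.path.exists(path) or os.path.getsize(path) < max_bytes:
        return False
    # shift archives: .N.gz -> .N+1.gz, dropping the one beyond `keep`
    for n in range(keep, 0, -1):
        older = "%s.%d.gz" % (path, n)
        if not os.path.exists(older):
            continue
        if n == keep:
            os.remove(older)
        else:
            os.replace(older, "%s.%d.gz" % (path, n + 1))
    newest = path + ".1.gz"
    if copytruncate:
        # Copy, then truncate in place: a daemon holding the file open keeps
        # writing to the same inode (it must use O_APPEND, or its next write
        # lands at its old offset and leaves a hole).  Lines written between
        # the copy and the truncate are lost; that is the documented trade-off.
        with open(path, "rb") as src, gzip.open(newest, "wb") as dst:
            shutil.copyfileobj(src, dst)
        with open(path, "r+b") as f:
            f.truncate(0)
    else:
        # Rename, then start a fresh file with the old permissions.  A daemon
        # holding the file open keeps writing to the renamed inode until it is
        # told to reopen (logrotate's postrotate usually sends it SIGHUP).
        mode = os.stat(path).st_mode & 0o777
        renamed = path + ".1"
        os.replace(path, renamed)
        with open(renamed, "rb") as src, gzip.open(newest, "wb") as dst:
            shutil.copyfileobj(src, dst)
        os.remove(renamed)
        open(path, "ab").close()
        os.chmod(path, mode)
    return True


def archives(path):
    """Names of the compressed copies of `path`, newest first."""
    directory, base = os.path.split(path)
    return sorted(f for f in os.listdir(directory)
                  if f.startswith(base + ".") and f.endswith(".gz"))


def daemon_demo(copytruncate):
    """Simulate a daemon that keeps app.log open (O_APPEND) across a rotation.
    Returns (archive names, lines now in the live log, lines in app.log.1.gz)."""
    tmp = tempfile.mkdtemp()
    log = os.path.join(tmp, "app.log")
    writer = open(log, "a")                       # the daemon's long-lived descriptor
    try:
        for i in range(3):                        # "event N\n" is 8 bytes; rotate at 16
            writer.write("event %d\n" % i)
            writer.flush()
            rotate(log, max_bytes=16, keep=2, copytruncate=copytruncate)
        writer.write("after rotation\n")          # where does this line end up?
        writer.flush()
        with open(log) as f:
            live = f.read().splitlines()
        with gzip.open(log + ".1.gz", "rt") as f:
            archived = f.read().splitlines()
        return archives(log), live, archived
    finally:
        writer.close()
        shutil.rmtree(tmp)


def retention_demo(keep=2, rounds=4):
    """Rotate `rounds` times keeping `keep` archives; return {archive: content}."""
    tmp = tempfile.mkdtemp()
    log = os.path.join(tmp, "x.log")
    try:
        for i in range(rounds):
            with open(log, "w") as f:
                f.write("line %d\n" % i)
            rotate(log, max_bytes=1, keep=keep)
        result = {}
        for name in archives(log):
            with gzip.open(os.path.join(tmp, name), "rt") as f:
                result[name] = f.read()
        return result
    finally:
        shutil.rmtree(tmp)


if __name__ == "__main__":
    print("rename:      ", daemon_demo(copytruncate=False))
    print("copytruncate:", daemon_demo(copytruncate=True))
```

With the rename strategy the line written after rotation never reaches the new app.log (it goes to the unlinked old inode, and is lost when the daemon finally reopens), which is why a rotation config for a long-running service needs either a postrotate reload or copytruncate.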

18
Q

________ is a kernel level subsystem that can watch every system call an application makes.

A

auditd is a kernel-level subsystem that can watch every system call an application makes.

○ Strictly speaking, auditd is the user-space daemon of the Linux Audit framework. The kernel's audit subsystem generates the records according to the rules loaded with auditctl, and auditd receives them and writes them to /var/log/audit/audit.log.

19
Q

What is ausearch?

A

A tool designed to query the auditd logs based on different search criteria (for example by key, user ID, file or time) for event-driven log records, showing all records that belong to one event together.

20
Q

What is aureport?

A

A program that summarizes various types of audit events into reports (for example by user, file, executable or login result) rather than listing individual records.

21
Q

What is auditctl?

A

Responsible for configuring the auditd system. It can enable or disable auditing (auditctl -e), load and list rules (auditctl -R, auditctl -l), and generate status reports (auditctl -s).

22
Q

auditd does not provide any additional security actions, rather it allows us to _______________.

A

auditd does not provide any additional security actions, rather it allows us to monitor existing violations: it records what happened, after the fact, and never blocks the action itself.

23
Q

auditd integration with the system kernel allows it to monitor all system operations, such as _________ and _________.

A

auditd integration with the system kernel allows it to monitor all system operations, such as network traffic and file system access.
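
Added worked example for cards 18 to 23 (not part of the flashcards and not code from the Linux audit package): it groups raw audit.log records into events, the way ausearch presents them, and answers the kinds of questions ausearch and aureport answer. The audit records, rule keys (shadow_changes, exec_watch), process IDs and addresses are constructed for the example; the auditctl, ausearch and aureport command lines quoted in the comments are the real equivalents.

```python
# Added example, not code from the flashcards or from the Linux audit
# package: groups raw audit.log records into events and answers the kinds
# of questions ausearch and aureport answer, over a constructed sample.
# Each event (one syscall, one login, ...) yields several records sharing
# the msg=audit(TIME:SERIAL) stamp; `key` names the rule that fired, e.g.
#     auditctl -w /etc/shadow -p wa -k shadow_changes
#     auditctl -a always,exit -F arch=b64 -S execve -k exec_watch
# Real equivalents of the queries below: `ausearch -k shadow_changes -i`,
# `aureport -f --summary`, `aureport -l --failed`.
import re
from collections import Counter

# Constructed sample in raw audit.log format (fields abbreviated).
SAMPLE_AUDIT_LOG = """\
type=SYSCALL msg=audit(1700000100.101:2001): arch=c000003e syscall=257 success=yes exit=3 ppid=1000 pid=1001 auid=1000 uid=0 euid=0 comm="vi" exe="/usr/bin/vi" key="shadow_changes"
type=CWD msg=audit(1700000100.101:2001): cwd="/root"
type=PATH msg=audit(1700000100.101:2001): item=0 name="/etc/shadow" inode=1234 mode=0100640 ouid=0 ogid=42 nametype=NORMAL
type=SYSCALL msg=audit(1700000100.250:2002): arch=c000003e syscall=257 success=no exit=-13 ppid=2000 pid=2001 auid=1001 uid=1001 euid=1001 comm="cat" exe="/usr/bin/cat" key="shadow_changes"
type=CWD msg=audit(1700000100.250:2002): cwd="/home/bob"
type=PATH msg=audit(1700000100.250:2002): item=0 name="/etc/shadow" inode=1234 mode=0100640 ouid=0 ogid=42 nametype=NORMAL
type=SYSCALL msg=audit(1700000101.000:2003): arch=c000003e syscall=59 success=yes exit=0 ppid=3000 pid=3001 auid=1001 uid=1001 euid=1001 comm="curl" exe="/usr/bin/curl" key="exec_watch"
type=EXECVE msg=audit(1700000101.000:2003): argc=2 a0="curl" a1="http://203.0.113.9/x"
type=USER_LOGIN msg=audit(1700000102.000:2004): pid=4000 uid=0 auid=1001 ses=5 msg='op=login id=1001 exe="/usr/sbin/sshd" hostname=10.0.0.5 addr=10.0.0.5 terminal=ssh res=failed'
"""

STAMP = re.compile(r"msg=audit\((\d+\.\d+):(\d+)\):")
FIELD = re.compile(r'''(\w+)=("[^"]*"|'[^']*'|\S+)''')


def parse_fields(text):
    """key=value pairs; a quoted msg='op=... res=failed' block is parsed inline."""
    fields = {}
    for key, value in FIELD.findall(text):
        if value.startswith("'"):
            fields.update(parse_fields(value[1:-1]))
        else:
            fields[key] = value.strip('"')
    return fields


def group_events(text):
    """Collapse records into events keyed by serial (what ausearch prints as
    one block).  On field collisions the first record (SYSCALL) wins."""
    events = {}
    for line in text.splitlines():
        m = STAMP.search(line)
        if not m:
            continue                      # blank or non-audit line
        serial = int(m.group(2))
        ev = events.setdefault(serial, {"serial": serial, "time": float(m.group(1)),
                                        "types": [], "fields": {}})
        fields = parse_fields(line)
        fields.pop("msg", None)           # the audit(...) stamp itself
        ev["types"].append(fields["type"])
        for k, v in fields.items():
            ev["fields"].setdefault(k, v)
    return list(events.values())


def ausearch(events, **criteria):
    """ausearch-style filter; every criterion must match, e.g.
    ausearch(events, key="shadow_changes", success="no")."""
    return [ev for ev in events
            if all(ev["fields"].get(k) == str(v) for k, v in criteria.items())]


def aureport_files(events):
    """aureport -f style summary: (file, login uid, success) -> count."""
    return Counter((ev["fields"]["name"], ev["fields"].get("auid"), ev["fields"].get("success"))
                   for ev in events if "name" in ev["fields"])


def aureport_failed_logins(events):
    """aureport -l --failed style: (source address, account id) per failed login."""
    return [(ev["fields"].get("addr"), ev["fields"].get("id")) for ev in events
            if "USER_LOGIN" in ev["types"] and ev["fields"].get("res") == "failed"]


if __name__ == "__main__":
    events = group_events(SAMPLE_AUDIT_LOG)
    for ev in ausearch(events, key="shadow_changes", success="no"):
        print("denied:", ev["fields"]["comm"], "auid", ev["fields"]["auid"], ev["fields"]["name"])
    print(aureport_files(events))
    print(aureport_failed_logins(events))
```

Note what the output does and does not tell you: the denied read of /etc/shadow by auid 1001 is recorded with success=no because the kernel refused it on its own (permission bits), not because auditd intervened, which is the point of card 22. The auid field (the login UID, which survives su and sudo) is what ties the action back to the person, which is why aureport keys on it rather than on uid.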