Chapter 21. System Logging (Syslog) Flashcards
- Which of the following keywords does not represent a severity level?
A. ALERT
B. AUDIT
C. DEBUG
D. INFO
B. The AUDIT keyword is a facility, not a severity: it identifies the audit subsystem that generated the message. ALERT, DEBUG, and INFO are three of the eight standard syslog severity levels (EMERGENCY, ALERT, CRITICAL, ERROR, WARNING, NOTICE, INFO, DEBUG).
- Which of the following statements is false?
A. Secure Firewall can rate-limit syslog messages based on severity levels.
B. Secure Firewall can send syslog messages for connection events.
C. Syslog over UDP can introduce extra overhead in a large deployment.
D. If the TCP syslog server goes down, user traffic cannot continue through Secure Firewall.
C. Statement C is false: it is syslog over TCP, not UDP, that can introduce extra overhead in a large deployment, because the threat defense must maintain the TCP session and handle acknowledgments for every message, whereas UDP is fire-and-forget. Statement D is true under the default configuration: when the threat defense logs to a TCP syslog server and that server becomes unreachable, new user connections through the firewall are blocked until the server is reachable again, unless the platform settings are configured to allow user traffic to pass when the TCP syslog server is down.
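The two flashcards above turn on the difference between a facility and a severity, and on rate-limiting by severity. The following is an added example, not code from the book or from Cisco: it decodes the numeric `<PRI>` header that precedes a syslog message (facility × 8 + severity, per RFC 5424), pulls the severity digit and message ID out of a Secure Firewall `%FTD-n-nnnnnn:` tag so the two severities can be cross-checked, and then applies a per-severity rate limit. The sample messages are constructed for illustration; their message IDs are shaped like Cisco ones but the text is not taken from any device.

```python
"""Decode syslog PRI (facility/severity) and Secure Firewall message tags,
then rate-limit messages per severity.

Added example for this flashcard set; not code from the book or from Cisco.
The SAMPLE lines are constructed, not captured from a real device.
"""
import re
from collections import defaultdict, deque

# RFC 5424 severity keywords, indexed by numeric code 0..7.
SEVERITIES = ["EMERGENCY", "ALERT", "CRITICAL", "ERROR",
              "WARNING", "NOTICE", "INFO", "DEBUG"]

# RFC 5424 facility codes 0..23. Note that "audit" (13, log audit) is a
# facility, which is why AUDIT is not a severity keyword.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
              "news", "uucp", "cron", "authpriv", "ftp", "ntp", "audit",
              "alert", "clock", "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7"]

PRI_RE = re.compile(r"^<(\d{1,3})>")
# Cisco ASA/FTD tag: %FTD-<severity>-<6-digit message id>:
CISCO_RE = re.compile(r"%(ASA|FTD)-(\d)-(\d{6}):")


def decode_pri(pri: int):
    """Split a PRI value into (facility, severity); PRI = facility*8 + severity."""
    if not 0 <= pri <= 191:          # 23*8 + 7 is the largest legal PRI
        raise ValueError(f"PRI out of range: {pri}")
    return divmod(pri, 8)


def parse_message(line: str) -> dict:
    """Parse one syslog line into facility/severity plus any Cisco tag fields."""
    m = PRI_RE.match(line)
    if not m:
        raise ValueError("missing <PRI> header")
    facility, severity = decode_pri(int(m.group(1)))
    msg = {
        "facility": facility, "facility_name": FACILITIES[facility],
        "severity": severity, "severity_name": SEVERITIES[severity],
        "body": line[m.end():],
    }
    tag = CISCO_RE.search(msg["body"])
    if tag:
        msg["platform"] = tag.group(1)
        msg["msg_id"] = tag.group(3)
        msg["tag_severity"] = int(tag.group(2))
        # The severity digit in the tag should agree with the PRI header;
        # a mismatch usually means a relay rewrote the header.
        msg["severity_mismatch"] = msg["tag_severity"] != severity
    return msg


class SeverityRateLimiter:
    """Allow at most `limits[severity]` messages per severity in any window of
    `window` seconds; severities without a limit are always allowed."""

    def __init__(self, limits: dict, window: float = 1.0):
        self.limits = limits
        self.window = window
        self.seen = defaultdict(deque)   # severity -> timestamps in window

    def allow(self, severity: int, now: float) -> bool:
        limit = self.limits.get(severity)
        if limit is None:
            return True
        q = self.seen[severity]
        while q and now - q[0] >= self.window:   # expire old timestamps
            q.popleft()
        if len(q) >= limit:
            return False
        q.append(now)
        return True


def filter_lines(lines, limiter, start: float = 0.0, step: float = 0.1):
    """Parse each line and keep those the limiter accepts. Timestamps are
    synthesized as start + index*step so the run is deterministic."""
    kept = []
    for i, line in enumerate(lines):
        msg = parse_message(line)
        if limiter.allow(msg["severity"], start + i * step):
            kept.append(msg)
    return kept


# Constructed sample input (not from a real firewall): local0 facility for
# the FTD messages, the audit facility for the last line.
SAMPLE = [
    "<134>%FTD-6-302013: Built inbound TCP connection 12345 for "
    "outside:198.51.100.10/51234 to inside:192.0.2.20/443",
    "<134>%FTD-6-302014: Teardown TCP connection 12345 duration 0:00:01 bytes 830",
    "<134>%FTD-6-302013: Built inbound TCP connection 12346 for "
    "outside:198.51.100.10/51235 to inside:192.0.2.20/443",
    "<131>%FTD-3-106014: Deny inbound icmp src outside:198.51.100.10 "
    "dst inside:192.0.2.20 (type 8, code 0)",
    "<109>Jun  1 12:00:00 ftd sudo: admin : TTY=pts/0 ; COMMAND=/bin/ls",
]

if __name__ == "__main__":
    # Allow at most two INFO (6) messages per second; everything else passes.
    for msg in filter_lines(SAMPLE, SeverityRateLimiter({6: 2})):
        print(msg["facility_name"], msg["severity_name"], msg.get("msg_id"))
```

With the limit of two INFO messages per second, the third connection event (a repeat of 302013 within the window) is dropped, while the ERROR-level deny and the NOTICE-level audit line pass untouched. Checking `severity_mismatch` is a cheap way to catch relays that rewrite the PRI header and silently change what a downstream SIEM filter sees.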
- What is the standard port number of the syslog protocol?
A. UDP 514
B. TCP 1470
C. Both UDP 514 and TCP 1470
D. None of these answers are correct.
C. Syslog messages can be sent over both UDP and TCP. On Secure Firewall the default ports are UDP 514 and TCP 1470.
- Which of the following options can be configured in the Platform Settings policy?
A. Adding a custom banner
B. Setting up time synchronization
C. Sending syslog messages
D. All of these answers are correct.
D. All of these answers are correct. Using platform settings, you can add a custom banner that appears at threat defense login; specify which hosts may communicate with the threat defense over SSH, HTTPS, and ICMP; define how the threat defense synchronizes time with its management center or an NTP server; expose health monitoring status over Simple Network Management Protocol (SNMP); send security events and system messages to an external syslog server; and more.
- Which of the following event types can be used as a constraint in a correlation rule?
A. Discovery events
B. Intrusion and file events
C. Connection events
D. All of these answers are correct.
D. All of these answers are correct. You can create a correlation rule based on discovery events, intrusion events, file events, connection events, and many other constraints.
- What is included in the Secure Firewall troubleshooting file package?
A. Command output
B. Database search queries
C. Syslogs of running processes
D. All of these answers are correct.
D. All of these answers are correct. The troubleshooting file package contains log messages of various system processes, copies of configuration files, results of database queries, various command outputs, and so on.