Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Comptia CYSA+ > Configuring your SIEM > Flashcards

Configuring your SIEM Flashcards

1
Q

SIEM solutions can be implemented as software, hardware appliances, or
outsourced managed services
▪ Log all relevant events and filter irrelevant data
▪ Establish and document scope of events
▪ Develop use cases to define a threat
▪ Plan incident response to an event
▪ Establish a ticketing process to track events
▪ Schedule regular threat hunting
▪ Provide auditors and analysts an evidence trail

A

SIEM

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

A market-leading big data information gathering and analysis tool that can import
machine-generated data via a connector or visibility add-on

A

Splunk

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Collection of free and open-source SIEM tools that provides storage, search, and
analysis functions
▪ Elasticsearch (query/analytics)
▪ Logstash (log collection/normalization)
▪ Kibana (visualization)
▪ Beats (endpoint collection agents)

A

ELK/Elastic Stack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

A SIEM log management and analytics software that can be used for compliance
reporting for legislation and regulations like HIPPA, SOX, and PCI DSS

A

ArcSight

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

A SIEM log management, analytics, and compliance reporting platform created by
IBM

A

QRadar

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

A SIEM solution originally developed by Alien Vault, now owned by AT&T, and
rebranded as AT&T Cybersecurity

A

Alien Vault and OSSIM (Open-Source Security Information Management)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

An open-source SIEM with an enterprise version focused on compliance and
supporting IT operations and DevOps

A

Graylog

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Security data comes from numerous sources across the organization so it comes
in different formats

A

Data Normalization

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Process where data is reformatted or restructured to facilitate the scanning and
analysis process

A

Normalization

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

An agent service is installed on each host to log, filter, aggregate, and
normalize data on the host before sending it to the SIEM server for
analysis and storage

A

Agent-based

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Hosts are configured to push updates to the SEIM server using a
protocol like syslog or SNMP

A

Listener/Collector

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

A SIEM can collect packet capture and traffic flow data from sniffers
and sensors positions across the network

A

Sensors

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Logs created by the operating system on each client or server to record how users
and software interact with the system

A

Event Log

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Logs created by the operating system on each client or server to record how users
and software interact with the system

A

Application
Security
System
Setup
Forwarded Events

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

There are four categories of severity inside the Windows event logs

A

Information
Warning
Error
Audit Success/Failure

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

A protocol enabling different appliances and software applications to transmit
logs or event records to a central server

A

Syslog

Comptia CYSA+ (37 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions