Event Management (3.3)

Question 1

Interface Monitoring

Answer 1

• Is the interface up or down which is one of the most important things to know. No special rights or perms and green is good red is bad.
• Alarming or Alerting should an interface fail to report can send emails or smss
• Short term and long term reporting

Not focused on traditional details

Question 2

SIEM

Answer 2

Security information and Event management including security events and information

Performs security alerts on real time information

Uses Log aggregation and long term storage which usually includes advanced reporting features

Data correlation to link diverse data types

Allows for forensic analysis

Question 3

Syslog

Answer 3

Standard for message logging for diverse systems, consolidated log.

Usually a central logging receiver integrated into the siem

You need a lot of disk space

Question 4

SIEM Dashboard

Answer 4

Takes all info gathered in logs and shows in graphical form using graphs

Question 5

SNMP

Answer 5

Simple Network Management Protocol. Allows for a database of data

Question 6

MIB

Answer 6

Management Information Base

Question 7

SNMP Versions

Answer 7

V1 - The original structured tabled in the clear
V2 - Data type enhancements, bulk transfers, still int he clear
V3 - The New Standard Message integrity, auth, encryption