Foundations of Cybersecurity module 4 Flashcards
A _________ is a record of events that occur within an organization’s systems. Examples of security-related logs include records of employees signing into their computers or accessing web-based services. __________(s) help security professionals identify vulnerabilities and potential security breaches.
Log
commonly used SIEM tools:
Splunk and Chronicle
A ___________ is an application that collects and analyzes log data to monitor critical activities in an organization
SIEM tool
________ is a data analysis platform, and __________ Enterprise provides SIEM solutions. ________ Enterprise is a self-hosted tool used to retain, analyze, and search an organization’s log data.
Splunk
Another SIEM tool is Google’s ____________. __________ is a cloud-native SIEM tool that stores security data for search and analysis. Cloud-native means that ________ is built and operated in the cloud rather than on self-hosted servers, so the vendor can deliver new features quickly and the customer does not maintain the underlying infrastructure.
Chronicle
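Logs and SIEM tools are defined above in terms of sign-in records and detection. As an added example (not code from the course, Splunk or Chronicle), the block below does in miniature what a SIEM does: it normalises constructed key=value sign-in log lines into events, offers a field search, and runs one detection rule (five failed logins from one user and source within a minute) followed by an escalation when a success follows the burst. The log format, host names and addresses are assumptions made for the illustration.

```python
"""Toy SIEM: normalise constructed sign-in log lines and alert on brute-force
bursts. Added illustration; not Splunk's or Chronicle's code."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample log lines in a key=value format (an assumption for this
# example, not a real Splunk or Chronicle export).
SAMPLE_LOGS = """\
2024-05-01T08:00:01Z host=web01 event=login user=alice src=10.0.0.5 result=success
2024-05-01T08:01:10Z host=vpn01 event=login user=bob src=203.0.113.9 result=failure
2024-05-01T08:01:12Z host=vpn01 event=login user=bob src=203.0.113.9 result=failure
2024-05-01T08:01:15Z host=vpn01 event=login user=bob src=203.0.113.9 result=failure
2024-05-01T08:01:19Z host=vpn01 event=login user=bob src=203.0.113.9 result=failure
2024-05-01T08:01:25Z host=vpn01 event=login user=bob src=203.0.113.9 result=failure
2024-05-01T08:01:31Z host=vpn01 event=login user=bob src=203.0.113.9 result=success
2024-05-01T08:30:00Z host=web01 event=login user=carol src=10.0.0.7 result=failure
2024-05-01T09:45:00Z host=web01 event=login user=carol src=10.0.0.7 result=failure
"""


def parse_line(line):
    """Turn one raw log line into an event dict with a UTC timestamp."""
    ts, *fields = line.split()
    event = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)}
    for field in fields:
        key, _, value = field.partition("=")
        event[key] = value
    return event


def parse_logs(text):
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def search(events, **criteria):
    """Filter events where every given field matches, e.g. search(ev, user="bob")."""
    return [e for e in events if all(e.get(k) == v for k, v in criteria.items())]


def failed_login_bursts(events, threshold=5, window=timedelta(minutes=1)):
    """Alert when one (user, src) pair accumulates `threshold` login failures
    inside a sliding window of length `window`."""
    failures = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e.get("event") == "login" and e.get("result") == "failure":
            failures[(e["user"], e["src"])].append(e["ts"])
    alerts = []
    for (user, src), times in failures.items():
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                alerts.append({"user": user, "src": src,
                               "count": end - start + 1, "last_failure": t})
                break                          # one alert per pair is enough
    return alerts


def success_after_burst(events, alerts):
    """Escalate: a success from the same user and source after a burst of
    failures suggests the guessing succeeded."""
    hits = []
    for a in alerts:
        later = [e for e in search(events, user=a["user"], src=a["src"], result="success")
                 if e["ts"] > a["last_failure"]]
        if later:
            hits.append((a["user"], a["src"], later[0]["ts"]))
    return hits


if __name__ == "__main__":
    evs = parse_logs(SAMPLE_LOGS)
    alerts = failed_login_bursts(evs)
    print("alerts:", alerts)
    print("possible compromise:", success_after_burst(evs, alerts))
```

Carol's two failures are more than an hour apart, so the sliding window never holds five of them and she is not alerted on; Bob's five failures span fifteen seconds and are followed by a success, which is the case an analyst would want escalated rather than merely logged.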
A _________ is a manual that provides details about any operational action, such as how to respond to an incident. ____________s, which vary from one organization to the next, guide analysts in how to handle a security incident before, during, and after it has occurred. _______________s can pertain to security or compliance reviews, access management, and many other organizational tasks that require a documented process from beginning to end.
playbook
_____________, also called a packet sniffer, is a tool designed to capture and analyze data traffic within a network. Common network protocol analyzers include tcpdump and Wireshark.
network protocol analyzer
When working on a forensic case, there are two playbooks you might follow:
1. Chain of custody playbook. Chain of custody is the process of documenting evidence possession and control during an incident lifecycle. As a security analyst involved in a forensic analysis, you will work with the computer data that was breached.
2. Protecting and preserving evidence playbook. Protecting and preserving evidence is the process of properly working with fragile and volatile digital evidence.
A _______________ is a unique flaw in a web application that a threat actor could exploit by using malicious code or behavior, to allow unauthorized access, data theft, and malware deployment.
web vulnerability
____________ is a software program used to prevent, detect, and eliminate malware and viruses. It is also called anti-malware. Depending on the type of antivirus software, it can scan the memory of a device to find patterns that indicate the presence of malware.
Antivirus software
An ___________________________ is an application that monitors system activity and alerts on possible intrusions. A network-based IDS inspects the packets crossing a network, each of which carries a small piece of the data being transferred, and compares what it sees against known attack signatures or expected behaviour. Other occurrences an IDS might detect include data theft and unauthorized access.
intrusion detection system (IDS)
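The two cards above describe a packet sniffer (capturing and dissecting traffic) and an IDS (analysing packets for intrusion). The block below is an added example that is not the code of tcpdump, Wireshark or any real IDS: it builds constructed Ethernet/IPv4/TCP frames in memory, dissects them the way a sniffer decodes headers, and then runs a single IDS rule over the decoded packets, flagging a source that sends bare SYNs to many ports on one host (a port sweep). The addresses and ports are assumptions; checksums are left at zero because nothing here touches a real interface.

```python
"""Minimal packet dissector (what a sniffer does) plus a SYN-scan detector on
top (what a network IDS does). Added illustration; not tcpdump, Wireshark or
an IDS vendor's code. Frames are constructed in memory, so no capture
interface or root privileges are needed."""
import socket
import struct

SYN, ACK = 0x02, 0x10          # TCP flag bits
ETH_IPV4, IPPROTO_TCP = 0x0800, 6


def build_frame(src_ip, dst_ip, sport, dport, flags, payload=b""):
    """Construct an Ethernet/IPv4/TCP frame. Checksums stay zero: fine for
    offline parsing, would be dropped by a real receiver."""
    eth = b"\xaa" * 6 + b"\xbb" * 6 + struct.pack("!H", ETH_IPV4)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, IPPROTO_TCP, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + tcp


def parse_frame(frame):
    """Dissect one frame into a dict; returns None for anything that is not a
    complete IPv4 frame (ARP, truncated captures, ...)."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != ETH_IPV4:
        return None
    ip_off = 14
    ver_ihl = frame[ip_off]
    ihl = (ver_ihl & 0x0F) * 4                      # header length in bytes
    if ver_ihl >> 4 != 4 or len(frame) < ip_off + ihl:
        return None
    proto = frame[ip_off + 9]
    src = socket.inet_ntoa(frame[ip_off + 12:ip_off + 16])
    dst = socket.inet_ntoa(frame[ip_off + 16:ip_off + 20])
    if proto != IPPROTO_TCP:
        return {"src": src, "dst": dst, "proto": proto}
    tcp_off = ip_off + ihl
    if len(frame) < tcp_off + 20:
        return None
    sport, dport, _seq, _ack, doff_res, flags = struct.unpack(
        "!HHIIBB", frame[tcp_off:tcp_off + 14])
    data_off = (doff_res >> 4) * 4                  # TCP header length in bytes
    return {"src": src, "dst": dst, "proto": IPPROTO_TCP, "sport": sport,
            "dport": dport, "flags": flags, "payload": frame[tcp_off + data_off:]}


def detect_syn_scan(packets, threshold=5):
    """IDS rule: a source sending SYN-without-ACK to >= threshold distinct
    ports on one host is sweeping that host for open services."""
    probes = {}
    for p in packets:
        if p and p.get("proto") == IPPROTO_TCP and p["flags"] & SYN and not p["flags"] & ACK:
            probes.setdefault((p["src"], p["dst"]), set()).add(p["dport"])
    return [(src, dst, len(ports)) for (src, dst), ports in probes.items()
            if len(ports) >= threshold]


# Constructed traffic: one ordinary handshake plus a sweep of ports 20-29.
SAMPLE_FRAMES = [
    build_frame("10.0.0.5", "10.0.0.20", 40000, 443, SYN),
    build_frame("10.0.0.20", "10.0.0.5", 443, 40000, SYN | ACK),
    build_frame("10.0.0.5", "10.0.0.20", 40000, 443, ACK, b"GET / HTTP/1.1\r\n"),
] + [build_frame("198.51.100.7", "10.0.0.20", 50000 + i, 20 + i, SYN) for i in range(10)]


if __name__ == "__main__":
    decoded = [parse_frame(f) for f in SAMPLE_FRAMES]
    for p in decoded:
        print(f'{p["src"]}:{p["sport"]} -> {p["dst"]}:{p["dport"]} flags=0x{p["flags"]:02x}')
    print("syn scans:", detect_syn_scan(decoded))
```

The legitimate client also sends one bare SYN, so the rule counts distinct destination ports rather than raw SYNs; tuning that threshold (and the time window a real IDS would add) is where false positives are controlled.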
_____________ makes data unreadable and difficult to decode for an unauthorized user; its main goal is to ensure confidentiality of private data. Encryption is the process of converting data from a readable format to a cryptographically encoded format. Cryptographic encoding means converting plaintext into secure ciphertext. Plaintext is unencrypted information and secure ciphertext is the result of encryption.
Encryption
_______________, also called _______________, is the act of participating in a simulated attack that helps identify vulnerabilities in systems, networks, websites, applications, and processes. It is a thorough risk assessment that can evaluate and identify external and internal threats as well as weaknesses.
Penetration testing (pen testing)
An open-source operating system
Linux
A sequence outlining the order in which data must be collected and preserved, from the most volatile (lost first, such as memory and network state) to the least volatile (such as disk and archived media)
Order of volatility
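The chain of custody and evidence-preservation playbooks above, together with the order of volatility card, describe one procedure: decide what to capture first, hash it at acquisition, and document every hand-off. The block below is an added example that is not the course's playbook or any forensic tool's code. It sorts constructed evidence items by a volatility table (the RFC 3227 ordering, an assumption for this illustration), records a SHA-256 of each item in a manifest, keeps a hash-chained custody log so a silently edited entry is detectable, and re-verifies an item before analysis. The host name and evidence bytes are constructed.

```python
"""Order-of-volatility collection plan plus an evidence manifest with SHA-256
hashes and a tamper-evident chain-of-custody log. Added illustration; not the
course's playbook. Evidence items are constructed byte strings."""
import hashlib
import json
from datetime import datetime, timezone

# Most volatile first (RFC 3227 ordering, assumed here as the collection policy).
VOLATILITY_ORDER = ["registers_cache", "memory", "network_state", "running_processes",
                    "disk", "remote_logs", "physical_config", "archival_media"]


def plan_collection(items):
    """Sort evidence items so the most volatile sources are captured first;
    categories not in the table are collected last."""
    rank = {cat: i for i, cat in enumerate(VOLATILITY_ORDER)}
    return sorted(items, key=lambda it: rank.get(it["category"], len(VOLATILITY_ORDER)))


def sha256(data):
    return hashlib.sha256(data).hexdigest()


class CustodyLog:
    """Append-only custody record. Each entry carries the previous entry's
    hash, so editing or deleting an earlier entry breaks verification."""

    def __init__(self):
        self.entries = []

    def record(self, evidence_id, action, custodian, evidence_hash, when=None):
        prev = self.entries[-1]["entry_hash"] if self.entries else "0" * 64
        entry = {"evidence_id": evidence_id, "action": action, "custodian": custodian,
                 "evidence_hash": evidence_hash,
                 "time": (when or datetime.now(timezone.utc)).isoformat(),
                 "prev": prev}
        entry["entry_hash"] = sha256(json.dumps(entry, sort_keys=True).encode())
        self.entries.append(entry)
        return entry

    def verify(self):
        """True only if every entry's hash and back-link are intact."""
        prev = "0" * 64
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "entry_hash"}
            if e["prev"] != prev or sha256(json.dumps(body, sort_keys=True).encode()) != e["entry_hash"]:
                return False
            prev = e["entry_hash"]
        return True


def collect(items, custodian, log, when=None):
    """Acquire in volatility order, hash at acquisition, log each acquisition.
    Returns the manifest mapping evidence id to category and hash."""
    manifest = {}
    for it in plan_collection(items):
        digest = sha256(it["data"])
        manifest[it["id"]] = {"category": it["category"], "sha256": digest}
        log.record(it["id"], "acquired", custodian, digest, when)
    return manifest


def evidence_intact(manifest, evidence_id, data):
    """Re-hash before analysis; any change since acquisition fails this check."""
    return sha256(data) == manifest[evidence_id]["sha256"]


# Constructed evidence from a hypothetical workstation "ws-17".
SAMPLE_ITEMS = [
    {"id": "ws-17-disk", "category": "disk", "data": b"disk image bytes"},
    {"id": "ws-17-mem", "category": "memory", "data": b"memory dump bytes"},
    {"id": "ws-17-netstat", "category": "network_state",
     "data": b"tcp 0 0 10.0.0.17:445 198.51.100.7:51234 ESTABLISHED\n"},
]


if __name__ == "__main__":
    log = CustodyLog()
    manifest = collect(SAMPLE_ITEMS, "analyst-a", log)
    print("collection order:", list(manifest))
    print("log intact:", log.verify())
    print("disk intact:", evidence_intact(manifest, "ws-17-disk", b"disk image bytes"))
```

Hand-offs between analysts would be further `record` calls with action "transferred"; the hash chain does not stop a custodian from lying in an entry, it only ensures the record cannot be quietly rewritten after the fact, which is what a custody log exists to prove.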