Investigative Data Flashcards

1
Q

What security tool collects data from multiple sources to provide real-time analysis of security alerts generated on both network hardware and applications?

A

Security Information and Event Monitoring (SIEM)

2
Q

What type of file records events that occur on an OS, in applications, or messages between users?

A

Log Files

3
Q

What are the different types of log files?

A
  - Network
  - System
  - Application
  - Web
  - DNS
  - Authentication
  - Dump Files (when something crashes)
  - VoIP
  - Call Managers

4
Q

What are the 3 variations of syslog and which came first through last?

A
  1. syslog (oldest)
  2. rsyslog
  3. syslog-ng (latest)

Note: this is the facility that enables a computer to log files in a central repository. rsyslog and syslog-ng only work on Linux/Unix.

Exam Tip: Just know the order of oldest to latest

5
Q

What Linux command line utility is used to query and display logs from “journald”?

A

journalctl

Note: journald is the “systemd” logging service on Linux

Note: the “d” means daemon
Note: daemon = server

6
Q

What is the multi-platform log management tool that helps identify security risks, policy breaches, or analyse problems in server, operating system, and application logs?

A

nxlog

Note: It is cross-platform and open-source. It functions similarly to syslog-ng but, unlike syslog-ng, it can work on Windows.

7
Q

What network protocol, created by Cisco, collects inbound and outbound IP network traffic, including its point of origin, destination, volume, and paths on the network?

A

netflow

Note: This is not a packet capture protocol; it just captures data such as who is using the most bandwidth and where they are connecting to, etc.

8
Q

What is the open source version of netflow that exports truncated packets?

A

sflow (Sampled Flow)

Note: A truncated packet is just taking a small sample of packets for analysis.

9
Q

What protocol has the ability to track how much bandwidth is being used via routers and other devices in order to facilitate billing and accounting?

A

Internet Protocol Flow Information Export (IPFIX)

Note: Think of this as the way mobile phone companies track how much bandwidth you use. Used for security purposes as well.

10
Q

What is data that describes other types of data by providing a definition or summary of basic information?

A

Metadata

Note: Think of your phone bill telling you who you called and how long you called them for.
