Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

CyberSec 8804 > Lecture 4 pt. 1 > Flashcards

Lecture 4 pt. 1 Flashcards

1
Q

What does SIEM stand for?

A

Security Information and Event Management

SIEM is a solution that collects and analyzes security data from across an organization.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is log data?

A

A digital record of events occurring within a system, application, or network device

Log data can include user activity, system performance, and security events.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What are the types of log data (6)?

A
  • Application logs
  • System logs
  • Security logs
  • Network log data
  • Audit logs
  • Database log data
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is the purpose of application logs?

A

To track user activities, identify errors, and monitor performance metrics

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What do security logs help to identify?

A

Potential threats and ensure timely responses to attempted security breaches

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is the function of network log data?

A

To monitor and control traffic flows within a network

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What do audit logs document?

A

Various events as part of an audit or compliance control process

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What critical role do database log data play?

A
  • Maintaining data integrity
  • Enabling recovery in case of system failure
  • Optimizing database performance
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What are the (5) main characteristics of Log Management Systems (LMS)?

A
  • Log data collection
  • Data retention
  • Log indexing
  • Reporting
  • Searching capabilities
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What are key limitations of LMS compared to SIEM (3)?

A

LMS does not typically offer analysis, alerting, and incident response capabilities

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What do SIEM systems provide that LMS do not?

A
  • Real-time threat analysis
  • Automated alerting
  • Threat notifications
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

How does SIEM enhance log data?

A

By converting logs into a uniform format and organizing them into categories

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What is the role of machine learning in Next-Gen SIEM systems?

A

To draw connections between seemingly unrelated events that might indicate a security breach

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What are the key functions of SIEM systems?

A
  • Visibility/Log Collection
  • Consolidation
  • Aggregation
  • Organization/Normalization
  • Correlation
  • Alerts
  • Prioritization
  • Reporting
  • Compliance
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What is a use case in the context of SIEM?

A

Technical rules or conditions applied on logs ingested into the SIEM

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What should be done with use cases in SIEM?

A
  • Have a clear list of use cases
  • Map them to the Mitre Att&ck phases
  • Assign clear priority based on the organization
17
Q

Fill in the blank: SIEM tools send alerts whenever a potential _______ is detected.

A

security threat

18
Q

True or False: Log management provides analysis of log data.

CyberSec 8804 (18 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions