Log Data 4.9

Question 1

Security Log Files

Answer 1

• Detailed security-related information

Question 2

Information Stored on Security Log Files

Answer 2

• Blocked and allowed traffic flows
• Exploit attempts

Question 3

Firewall Logs

Answer 3

• Contains detailed information about the traffic
• Logs information pertaining to the source/destination IP, port numbers, disposition

Question 4

Logs for Next Generation Firewalls (NGFW)

Answer 4

• Provides information regarding the applications that are being used.
• URLs being filtered

Question 5

Application Logs

Answer 5

• The information is specific to the application and varies widely.
• Logged information is collected into a SIEM, unneeded info is filtered out

Question 6

Endpoint Logs

Answer 6

• Collects information on logon events, policy changes, system events, processes, account management, directory services, etc.,
• Information can be collected on SIEM
• Can correlate the information to other devices.

Question 7

OS-Specific Security Logs

Answer 7

• Collect information pertaining to an OS security event such as brute force or authentication details.
• Can provide information of security problem before a security incident occurs
• May require filtering due to amount of data being collected

Question 8

Intrusion Prevention System (IPS) / Intrusion Detection System (IDS)

Answer 8

• Logs contain known information of vulnerabilities and attacks

Question 9

Network Logs

Answer 9

• Logs that collect information of activity occurring on switches, access points, VPN concentrators, etc.,
• Provides information of routing updates, authentication issues, or network security issues.

Question 10

Metadata

Answer 10

• Information contained within the documents being transferred through the network
• Describes the particular file

Question 11

Vulnerability Scans

Answer 11

• Identifies vulnerabilities such as lack of firewalls, no anti-virus software, or anti-spyware.
• Can identify misconfigurations and additional vulnerabilities

Question 12

Automated Reports

Answer 12

• An automated report system will use a generator such as SIEM which can be built-in
• Can also be provided by a third party extension

Question 13

Considerations for Automated Reports

Answer 13

• Requires someone to read the reports
• Can produce large amounts of data and must considerate what type of data is needed for the automation process.

Question 14

Dashboards

Answer 14

• Summaries of a real time status information on a single screen
• Can customize the dashboard to show only relevant or important information being displayed.
• Not designed for long term analysis.

Question 15

Packet Captures

Answer 15

• Being able to analyze packets flows over the network provides information on operations of the networking equipment, applications, and security issues.
• Can be done using a third party extension.

Question 16

Type of Information Provided by Packet Captures

Answer 16

• Detailed information at the Packet level
• Identifies unknown traffic.