Module 23 - Network Monitoring - Q&A Flashcards

1
Q
Which of the following are valid sources of data for network monitoring? (Choose all that apply.)
A. User complaints
B. Log files
C. Traffic captures
D. SNMP traps
A

B, C, D. User complaints are not really a valid source of network monitoring data, but log files, network traffic captures, and information from SNMP traps are valid data.

2
Q

Which of the following is an important aspect of good log management?
A. Secure log storage
B. Deleting logs due to storage space constraints
C. Reviewing only logs produced in the last seven days
D. Retaining and reviewing log data only from servers

A

A. Secure log storage is an important aspect of good log management. The other choices are examples of inefficient or ineffective log management.

3
Q

Which of the following are valid reasons to monitor networks?
A. To identify workstations and servers that can be decommissioned
B. To identify performance issues
C. To identify security issues
D. To identify workers who surf the Internet too much

A

B, C. Identifying performance issues and identifying security issues are both valid reasons to monitor networks.

4
Q
Your manager wants you to institute log management and analysis on a small group of workstations and servers that are not connected to the larger enterprise network for data sensitivity reasons. Based upon the level of routine usage and logging, you decide not to implement a management console but intend to examine each log separately on the individual hosts. What type of log management are you using in this scenario?
A. Centralized
B. Enterprise-level log management
C. Decentralized
D. Workgroup-level log management
A

C. In this scenario, you are using decentralized log management, since you are not using a centralized log management facility or console to collect all of the applicable logs and review them in one place.

5
Q
Which of the following types of logs are you most likely interested in reviewing to discover whether a resource has been accessed by an unauthorized individual?
A. Audit log
B. Application log
C. System log
D. Maintenance log
A

A. An audit log (or security log) is the log you want to review to discover whether a resource has been accessed by an unauthorized individual.

6
Q
All of the following characteristics describe log analysis, except:
A. Reviewing logs
B. Correlating log events
C. Trend analysis
D. Securing stored log files
A

D. Securing stored log files is not part of log analysis, but it is part of effective log management.

7
Q

Which of the following would be considered a security event of interest that you might discover in a log file?
A. An increase in network traffic during the time the majority of employees come into work
B. A user account repeatedly locked several times after invalid login attempts
C. A user successfully accessing a restricted document several times
D. A user unsuccessfully accessing a restricted document one time

A

B. A user account locked several times after repeated invalid login attempts would be a security event of interest, since this could indicate a brute-force attack.

8
Q
Which of the following could be considered a real-time network monitoring technique?
A. Log review
B. Traffic sniffing
C. Monthly password audits
D. Configuration file review
A

B. Traffic sniffing could be considered a real-time network monitoring technique, since the administrator can view network traffic instantly, as it occurs.

9
Q

Which of the following might result in an alert being sent to a network administrator?
A. A new restricted financial data folder created by the director of finance
B. An increase in HTTP traffic during lunchtime
C. Network traffic using a specific protocol exceeding a certain threshold
D. A helpdesk technician creating a new user account

A

C. Network traffic using a specific protocol and exceeding a certain threshold might be a valid reason to send an alert to a network administrator, since this can indicate a network attack.

10
Q
Which of the following refers to correlating and analyzing different types of data to determine security issues that may happen over longer periods of time?
A. Trend analysis
B. Log analysis
C. Network monitoring
D. Traffic analysis
A

A. Trend analysis refers to correlating and analyzing different types of data to determine security issues that may happen over longer periods of time.
