Module 3 - 02-1 Flashcards
Security information and event management (SIEM) dashboards
Define Log
A record of events that occur within an organization’s systems and networks
What are three common log sources?
- Firewall logs
- Network logs
- Server logs
Define Firewall logs
A record of attempted or established connections for incoming traffic from the internet. It also includes outbound requests to the internet from within the network
Define Network logs
A record of all computers and devices that enter and leave the network. It also records connections between devices and services on the network
Define Server logs
A record of events related to services such as websites, emails, or file shares. It includes actions such as login, password, and username requests
What are two things security teams can identify from monitoring logs?
- Vulnerabilities
- Potential data breaches
What do SIEM tools rely on to monitor systems and detect security threats?
Logs
What does SIEM stand for?
Security Information and Event Management (SIEM)
Define Security Information and Event Management (SIEM)
An application that collects and analyzes log data to monitor critical activities in an organization
How do SIEM tools increase efficiency and save time?
SIEM tools index and minimize the number of logs a security professional must manually review and analyze
SIEM tools can also be used to create _____.
dashboards
How do SIEM dashboards help security analysts?
SIEM dashboards help security analysts quickly and easily access their organization’s security information as charts, graphs, or tables.
Define Metrics
Key technical attributes such as response time, availability, and failure rate, which are used to assess the performance of a software application
How can SIEM dashboards be customized?
SIEM dashboards can be customized to display specific metrics or other data that are relevant to different members in an organization.
What does IoT stand for?
Internet of Things (IoT)
What is “interconnected devices with access to the internet” known as?
Internet of Things (IoT)
What does AI stand for?
Artificial Intelligence (AI)
What does ML stand for?
Machine Learning (ML)
What does SOAR stand for?
Security Orchestration, Automation, and Response
Define Security Orchestration, Automation, and Response (SOAR)
A collection of applications, tools, and workflows that uses automation to respond to security events
Essentially, this means that handling common security-related incidents with the use of SIEM tools is expected to become a more streamlined process requiring less manual intervention.
Which log source records events related to websites, emails, and file shares, as well as password and username requests?
- Firewall
- Server
- Receiving
- Network
Server
Server logs record events related to websites, emails, and file shares. They include actions such as login requests, password and username requests, as well as the ongoing use of these services.
A security information and _____ management (SIEM) tool is an application that collects and analyzes log data to monitor critical activities in an organization.
- efficiency
- event
- employee
- emergency
event
A security professional evaluates a software application by reviewing key technical attributes including response time, availability, and failure rate. What are they using to assess performance?
- Models
- Index standards
- Metrics
- Cloud tools
Metrics
They are using metrics. Metrics are key technical attributes including response time, availability, and failure rate, which are used to assess the performance of a software application. SIEM dashboards can be customized to display relevant metrics.
SIEM tools must be configured and _____ to meet each organization’s unique security needs.
- customized
- centralized
- reviewed
- indexed
customized