Monitoring and Auditing Flashcards

1
Q

Network traffic is analyzed for predetermined attack patterns

A

Signature-based

2
Q

A baseline is established and any network traffic that is outside of the
baseline is evaluated

A

Anomaly-based

3
Q

Activity is evaluated based on the previous behavior of applications,
executables, and the operating system in comparison to the current
activity of the system

A

Behavior-based

4
Q

Process of measuring changes in networking, hardware, software, and
applications

A

Baselining

5
Q

Documenting and reporting on the changes in a baseline

A

Baseline Reporting

6
Q

Risk level to which a system or other technology element is exposed

A

Security Posture

7
Q

Network adapter is able to capture all of the packets on the network,
regardless of the destination MAC address of the frames carrying them

A

Promiscuous Mode

8
Q

Network adapter can only capture the packets directly addressed to itself

A

Non-promiscuous Mode

9
Q

One or more switch ports are configured to forward all of their packets to
another port on the switch

A

Port Mirroring

10
Q

A physical device that allows you to intercept the traffic between
two points on the network

A

Network Tap

11
Q

A TCP/IP protocol that aids in monitoring network-attached devices and
computers

A

Simple Network Management Protocol (SNMP)

12
Q

Computers and other network-attached devices monitored through the
use of agents by a network management system

A

Managed Devices

13
Q

Software that is loaded on a managed device to redirect information to
the network management system

A

Agents

14
Q

Software running on one or more servers to control the monitoring of
network-attached devices and computers

A

Network Management System (NMS)

15
Q

Version of SNMP that provides integrity, authentication, and encryption
of the messages being sent over the network

A

SNMP v3

16
Q

A technical assessment conducted on applications, systems, or networks

A

Auditing

17
Q

Data files that contain the accounting and audit trail for actions
performed by a user on a computer or network

A

Logs

18
Q

Logs events such as successful and unsuccessful user logins to
the system

A

Security Logs

19
Q

Logs events such as a system shutdown and driver failures

A

System Logs

20
Q

Logs events for the operating system and third-party
applications

A

Application Logs

21
Q

A standardized format used for computer message logging that
allows for the separation of the software that generates
messages, the system that stores them, and the software that
reports and analyzes them

A

SYSLOG

22
Q

Actions taken to ensure the proper creation and storage of a log file, such
as the proper configuration, saving, backup, security, and encryption of
the log files

A

Log File Maintenance

23
Q

When a maximum log size is reached, the system can begin overwriting
the oldest events in the log files to make room

A

Overwrite Events

24
Q

Technology like a DVD-R that allows data to be written only once but
read unlimited times

A

Write Once Read Many (WORM)

25
Q

A solution that provides real-time or near-real-time analysis of security
alerts generated by network hardware and applications

A

SIEM

26
Q

A market-leading big data information gathering and analysis tool that
can import machine-generated data via a connector or visibility add-on

A

Splunk

27
Q

Collection of free and open-source SIEM tools that provides storage,
search, and analysis functions
* Elasticsearch (query/analytics)
* Logstash (log collection/normalization)
* Kibana (visualization)
* Beats (endpoint collection agents)

A

ELK/Elastic Stack

28
Q

A SIEM log management and analytics software that can be used for
compliance reporting for legislation and regulations like HIPAA, SOX, and
PCI DSS

A

ArcSight

29
Q

A SIEM log management, analytics, and compliance reporting
platform created by IBM

A

QRadar

30
Q

An open-source SIEM with an enterprise version focused on compliance
and supporting IT operations and DevOps

A

Graylog

31
Q

A protocol enabling different appliances and software applications to
transmit logs or event records to a central server

A

Syslog

32
Q

A class of security tools that facilitates incident response, threat hunting,
and security configuration by orchestrating automated runbooks and
delivering data enrichment

A

Security Orchestration, Automation, and Response (SOAR)

33
Q

A security information and event monitoring system with an integrated
SOAR

A

Next Gen SIEM

34
Q

A checklist of actions to perform to detect and respond to a specific type
of incident

A

Playbook

35
Q

An automated version of a playbook that leaves clearly defined
interaction points for human analysis

A

Runbook