Monitoring and Auditing

Question 1

Network traffic is analyzed for predetermined attack patterns

Answer 1

Signature-based

Question 2

A baseline is established and any network traffic that is outside of the
baseline is evaluated

Answer 2

Anomoly-based

Question 3

Activity is evaluated based on the previous behavior of applications,
executables, and the operating system in comparison to the current
activity of the system

Answer 3

Behavior Based

Question 4

Process of measuring changes in networking, hardware, software, and
applications

Answer 4

Baselining

Question 5

Documenting and reporting on the changes in a baseline

Answer 5

Baseline Reporting

Question 6

Risk level to which a system or other technology element is exposed

Answer 6

Security Posture

Question 7

Network adapter is able to capture all of the packets on the network,
regardless of the destination MAC address of the frames carrying them

Answer 7

Promiscuous Mode

Question 8

Network adapter can only capture the packets directly addressed to itself

Answer 8

Non-promiscuous Mode

Question 9

One or more switch ports are configured to forward all of their packets to
another port on the switch

Answer 9

Port Mirroring

Question 10

A physical device that allows you to intercept the traffic between
two points on the network

Answer 10

Network Tap

Question 11

A TCP/IP protocol that aids in monitoring network-attached devices and
computers

Answer 11

Simple Network Management Protocol (SNMP)

Question 12

Computers and other network-attached devices monitored through the
use of agents by a network management system

Answer 12

Managed Devices

Question 13

Software that is loaded on a managed device to redirect information to
the network management system

Answer 13

Agents

Question 14

Software running on one or more servers to control the monitoring of
network-attached devices and computers

Answer 14

Network Management System (NMS)

Question 15

Version of SNMP that provides integrity, authentication, and encryption
of the messages being sent over the network

Answer 15

SNMP v3

Question 16

A technical assessment conducted on applications, systems, or networks

Answer 16

Auditing

Question 17

Data files that contain the accounting and audit trail for actions
performed by a user on a computer or network

Answer 17

Logs

Question 18

Logs the events such as successful and unsuccessful user logins to
the system

Answer 18

Security Logs

Question 19

Logs the events such as a system shutdown and driver failures

Answer 19

System Logs

Question 20

Logs the events for the operating system and third-party
applications

Answer 20

Application Logs

Question 21

A standardized format used for computer message logging that
allows for the separation of the software that generates
messages, the system that stores them, and the software that
reports and analyzes them

Answer 21

SYSLOG

Question 22

Actions taken to ensure the proper creation and storage of a log file, such
as the proper configuration, saving, back up, security, and encryption of
the log files

Answer 22

Log File Maintenance

Question 23

When a maximum log size is reached, the system can begin overwriting
the oldest events in the log files to make room

Answer 23

Overwrite Events

Question 24

Technology like a DVD-R that allows data to be written only once but
read unlimited times

Answer 24

Write Once Read Many (WORM)

Question 25

A solution that provides real-time or near-real-time analysis of security
alerts generated by network hardware and applications

Answer 25

SIEM

Question 26

A market-leading big data information gathering and analysis tool that
can import machine-generated data via a connector or visibility add-on

Answer 26

Splunk

Question 27

Collection of free and open-source SIEM tools that provides storage,
search, and analysis functions
* Elasticsearch (query/analytics)
* Logstash (log collection/normalization)
* Kibana (visualization)
* Beats (endpoint collection agents)

Answer 27

ELK/Elastic Stack

Question 28

A SIEM log management and analytics software that can be used for
compliance reporting for legislation and regulations like HIPPA, SOX, and
PCI DSS

Answer 28

ArcSight

Question 29

A SIEM log management, analytics, and compliance reporting
platform created by IBM

Answer 29

QRadar

Question 30

An open-source SIEM with an enterprise version focused on compliance
and supporting IT operations and DevOps

Answer 30

Graylog

Question 31

A protocol enabling different appliances and software applications to
transmit logs or event records to a central server

Answer 31

Syslog

Question 32

A class of security tools that facilitates incident response, threat hunting,
and security configuration by orchestrating automated runbooks and
delivering data enrichment

Answer 32

SOAR Security Orchestration, Automation, and Response (SOAR)

Question 33

A security information and event monitoring system with an integrated
SOAR

Answer 33

Next Gen SIEM

Question 34

A checklist of actions to perform to detect and respond to a specific type
of incident

Answer 34

Playbook

Question 35

An automated version of a playbook that leaves clearly defined
interaction points for human analysis

Answer 35

Runbook