Network Monitoring

Question 1

Simple Network Management Protocol (SNMP)

Answer 1

Sends and receives data from managed devices back to a centralized network management station

Question 2

Granular (SNPM)

Answer 2

Sent trap messages get a unique objective identifier to distinguish each message as a unique message

Question 3

Management Information Base (MIB)

Answer 3

The structure of the management data of a device subsystem using a hierarchical namespace containing object identifiers

Question 4

Verbose

Answer 4

SNMP traps may be configured to contain all the information about a given alert or event as a payload

Question 5

SNMP Trap

Answer 5

SNMP PDU an unrequested message an agent can send the MIB to notify about an important event

Question 6

System Logging Protocol (Syslog)

Answer 6

Sends system log or event messages to a central syslog server

Question 7

Audit Log / Audit Trail

Answer 7

Contains a sequence of events for a particular activity

Question 8

Application Log (Windows)

Answer 8

Contains information about software running on a client or server

Question 9

Security Log (Windows)

Answer 9

Contains information about the security of a client or server

Question 10

System Log (Windows)

Answer 10

Contains information about the OS itself

Question 11

Windows Logs entry levels

Answer 11

Informational
Warning
Error

Question 12

Security Information and Event Management (SIEM)

Answer 12

Provides real-time or near-real-time analysis of security alerts generated by network hardware or applications

Question 13

Security Information and Event Management (SIEM) Log Collection

Answer 13

*Provides important forensic tools
*Helps address compliance reporting requirements

Question 14

Security Information and Event Management (SIEM)
Normalization

Answer 14

*Nomalize data into a common model
*Maps log messages into a common data model,
*Connect and analyze related events

Question 15

Security Information and Event Management (SIEM)
Correlation

Answer 15

Links the logs and events from different systems or applications into a single data feed

Question 16

Security Information and Event Management (SIEM)
Aggregation

Answer 16

*Reduces the volume of event data
*Consolidates duplicate event records and merge into a single record

Question 17

Security Information and Event Management (SIEM)
Reporting

Answer 17

Real-time monitoring dashboards for analysts
*Long-term summaries for management

Question 18

Protocol used by Security Information and Event Management (SIEM)

Answer 18

Syslog protocol
UDP 514 / TCP 1468

Question 19

Benefits of patch management

Answer 19

1. Security
2. Uptime
3. Compliance
4. Improve Features

Question 20

Steps of patch management

Answer 20

1. Planning
2. Testing
3. Implementation
4. Auditing

Question 21

Planning (Patch Management)

Answer 21

Track available patches and updates
* Determines how to test and deploy each patch

Question 22

Testing (Patch Management)

Answer 22

Test any patch received from a manufacturer prior to automating its deployment through the network

Question 23

Implementation (Patch Management)

Answer 23

Deploy the patch to all of the workstations and servers that require it

Question 24

Auditing (Patch Management)

Answer 24

Scan the network and determines if the patch was installed properly and if there are any unexpected failures that may have occurred

Question 25

Signature-based Detection

Answer 25

Signature contains strings of bytes (a pattern) that triggers detection

Question 26

Policy-based Detection

Answer 26

Relies on specific declaration of the security policy

Question 27

Statistical Anomaly-based Detection

Answer 27

Watches traffic patterns to build baseline

Question 28

Non-Statistical Anomaly-based Detection

Answer 28

Administrator defines the patterns/baseline

Question 29

Managed Device

Answer 29

Any device that can communicate with an SNMP manager known as the management information base (MIB)

Question 30

5 Elements of SIEM (Security Information and Event Management)

Answer 30

1. Log Collection
2. Normalization
3. Correlation
4. Aggregation
5. Reporting