Section 23.219 Alerting and Monitoring & Monitoring Resources Flashcards

Objective 4.4 Explain security alerting and monitoring concepts and tools

1
Q

Importance

Alerting and Monitoring

A

Crucial for maintaining integrity, confidentiality, and availability of
information systems

Components:

● Alerting (notifying personnel of potential security incidents)

● Monitoring (continuous observation to detect anomalies or threats)

2
Q

Types of Alerts

True Positive

A

Correctly identifies a legitimate issue

3
Q

False Positive

A

Incorrectly indicates an issue when there isn’t one

4
Q

True Negative

A

Correctly recognises the absence of an issue

5
Q

False Negative

A

Fails to alert about a real issue

6
Q

Alerting System Goals

A

● Maximise true positives

● Minimise false positives to avoid alert fatigue

7
Q

Monitoring Types

A

● Automated Monitoring
○ Software tools for scanning and analysing

● Manual Monitoring
○ Human personnel actively reviewing and analysing

8
Q

Monitoring Resources

Monitoring Systems

A

Involves observing a computer system’s performance, including…

● CPU
● Memory
● Disk usage
● Network performance

9
Q

Baseline

A

A reference point representing normal system behavior under typical operating conditions

■ Baseline metrics can include CPU usage, memory utilisation, disk activity, and network traffic

■ Deviations from the baseline can indicate potential issues, prompting proactive troubleshooting and maintenance

(Figure: baseline reference point)

10
Q

Application Monitoring

A

Focuses on managing and monitoring software application performance and availability

■ Tracks errors, bottlenecks, and issues that may affect an application’s performance or user experience

■ Tools like New Relic and AppDynamics track response times and error rates

■ Slower response times may indicate code problems or resource deficiencies

11
Q

Infrastructure Monitoring

A

Observes physical and virtual infrastructure, including servers, networks, virtual machines, containers, and cloud services

■ Provides insights into network traffic, bandwidth usage, and device status

■ Tools like SolarWinds and PRTG Network Monitor help monitor network infrastructure

■ Overloaded network switches can signal the need for additional capacity or configuration issues
