Section 23.222 Security Information and Event Management (SIEM) Flashcards

Objective 4.4 Explain security alerting and monitoring concepts and tools

1
Q

SIEM (Security Information and Event Management)

A

A solution for real-time or near-real-time analysis of security alerts generated by network hardware and applications

■ SIEM helps correlate various events and incidents from system logs

2
Q

Importance of Log Reviews

A

Critical for security assurance

■ Logs should be reviewed regularly and routinely, not just after an incident or as part of an incident response

3
Q

SIEM Functionality

A

■ Correlates and analyses log data

■ Consolidates data from various systems into a centralized database or repository

■ Detects patterns indicating security threats

■ Generates alerts for security teams to investigate

4
Q

Agent-Based vs. Agentless SIEM

Agent-Based

A

● Software agents are installed on each system to collect and send log data

● Provides real-time data and detailed information

5
Q

Agent-Based vs. Agentless SIEM

Agentless

A

● Log data is collected directly from systems using standard protocols

● Reduces maintenance but may not collect real-time or detailed data

6
Q

SIEM Implementation Considerations

A

■ Log all relevant events and filter out irrelevant data

■ Establish and document the scope of events

■ Develop use cases to define threats

■ Plan incident response actions for different events

■ Establish a ticketing process to track flagged events

■ Schedule regular threat hunting to detect unnoticed events

■ Provide auditors and analysts with an evidence trail

7
Q

Common SIEM Solutions

Splunk

A

● Big data information gathering and analysis tool

● Offers connectors for various data systems

● Provides search processing language for data analysis

● Comes with pre-configured templates and dashboards

8
Q

Common SIEM Solutions

ELK (Elastic Stack)

A

A collection of free and open-source SIEM tools, including the following:

○ Elasticsearch
○ Logstash
○ Kibana
○ Beats

Components work together for log collection, storage, analysis, and visualisation

9
Q

Common SIEM Solutions

ArcSight

A

SIEM log management and analytics software

● Suitable for compliance reporting for regulations like HIPAA, SOX, and PCI DSS

10
Q

Common SIEM Solutions

QRadar

A

● A SIEM log management, analytics, and compliance reporting platform created by IBM

● Offers a dashboard for data visualisation and analysis
