Section 4.3 Appropriate data sources to support an investigation Flashcards
What can identify and report various vulnerabilities before they are exploited, such as software flaws, missing patches, open ports, services that should not be running, and weak passwords?
Vulnerability scanners
Dashboards are very useful to security operations centers because they provide what?
centralized visibility and information on threats in real time
What kind of log file can identify the IP and MAC addresses of devices that are attached to your network? NIDS/NIPS can be important in identifying threats and anomalies from these.
Network log files
What kind of log file contains many types of information about web requests, so that evidence of potential threats and attacks will be visible there?
Web log files
400 series HTTP response codes are what kind of errors?
client-side errors
500 series HTTP response codes are what kind of errors?
server-side errors
Sending log files that exist on client and server systems can help establish what?
a central audit trail and visibility into the scope of an attack
What kind of log files contain information about hardware changes, updates to devices, time synchronization, group policy application, etc.?
System log files
What kind of log files contain information about software applications, such as when they are launched, their success or failure, and warnings about potential problems or errors?
Application log files
What kind of log files contain information about successful logins as well as unauthorized attempts to access the system and its resources? They capture information on file access, can determine who has downloaded certain data, and can identify attackers trying to log into your computer systems.
Security log files
What kind of log files contain virtually all DNS server-level activity, such as zone transfers, DNS server errors, DNS caching, and DNSSEC?
DNS log files
What kind of log files contain information about login events, logging their success or failure?
Authentication log files
What kind of log files are generated when a computer crashes, with the contents of memory saved in a dump file (.dmp)?
Dump files
What is known as a log collector because it collects event logs from various devices, which are often sent to a central server?
Syslog
What logging solution is a utility for querying and displaying logs from journald, which is systemd's logging service?
journalctl