Section 4.3 Appropriate data sources to support an investigation Flashcards

1
Q

What can identify and report various vulnerabilities before they are exploited, such as software flaws, missing patches, open ports, services that should not be running, and weak passwords?

A

Vulnerability scanners

2
Q

Dashboards are very useful to security operations centers because they provide what?

A

centralized visibility and information on threats in real time

3
Q

What kind of log file can identify the IP and MAC addresses of devices that are attached to your network? NIDS/NIPS can be important in identifying threats and anomalies from these.

A

Network log files

4
Q

What kind of log file contains many types of information about web requests, so that evidence of potential threats and attacks will be visible there?

A

Web log files

5
Q

400 series HTTP response codes are what kind of errors?

A

client-side errors

6
Q

500 series HTTP response codes are what kind of errors?

A

server-side errors

7
Q

Sending log files that exist on client and server systems can help establish what?

A

a central audit trail and visibility into the scope of an attack

8
Q

What kind of log files contain information about hardware changes, updates to devices, time synchronization, group policy application, etc.?

A

System log files

9
Q

What kind of log files contain information about software applications, such as when they were launched, whether they succeeded or failed, and warnings about potential problems or errors?

A

Application log files

10
Q

What kind of log files contain information about successful logins as well as unauthorized attempts to access the system and its resources? They capture information on file access, can determine who has downloaded certain data, and can identify attackers trying to log into your computer systems.

A

Security log files

11
Q

What kind of log files contain virtually all DNS server-level activity, such as zone transfers, DNS server errors, DNS caching, and DNSSEC?

A

DNS log files

12
Q

What kind of log files contain information about login events, logging their success or failure?

A

Authentication log files

13
Q

What kind of log files are generated when a computer crashes, with the contents of memory saved in a dump file (.dmp)?

A

Dump files

14
Q

What is known as a log collector because it collects event logs from various devices, which are often sent to a central server?

A

Syslog

15
Q

What logging solution is a utility for querying and displaying logs from journald, which is systemd’s logging service?

A

journalctl

16
Q

What logging solution collects and stores log data in binary format?

A

journald

17
Q

What logging solution is used to query and display journald logs in a readable format?

A

journalctl

18
Q

What logging solution is an open-source log management tool that helps identify security risks in a Linux/Unix environment? It’s a multi-platform log collection and centralization tool that offers log processing features, including log enrichment and log forwarding.

A

NXLog

19
Q

What monitors changes in traffic patterns and identifies devices on the network that are causing bottlenecks? They can be used to understand your network traffic flow and can detect broadcast storms and potential denial-of-service attacks.

A

Bandwidth Monitors

20
Q

What do you call data that provides information about other data?

A

Metadata

21
Q

What kind of metadata consists of headers that contain detailed information, including the source, destination, and route through the email providers to the recipient? It can be used when phishing emails are received to identify the bad actor.

A

Email Metadata

22
Q

What kind of metadata provides information about every page created on a website, including the author, date created, images, and other files (videos, PDFs, etc.)?

A

Web Metadata

23
Q

What kind of metadata can be used to track information such as the author, date created, date modified, and file size?

A

File Metadata

24
Q

What kind of metadata might include geotagging that documents the location in which a photograph was taken?

A

Photograph metadata

25
Q

What kind of network monitoring solution is a Cisco product that monitors network traffic and can identify the load on the network? In an investigation, it can help identify patterns in network traffic.

A

Netflow

26
Q

What kind of network monitoring solution is a multi-vendor product that provides visibility into network traffic patterns? It can help identify malicious traffic to help in securing the network.

A

Sflow

27
Q

What kind of network monitoring solution can be used to capture traffic from the node itself, with the data then exported to a collector within the node? It can be used to identify data traveling through a switch to facilitate billing, and it formats IP flow data and forwards it to a collector.

A

IP Flow Information Export (IPFIX)