Section 4.4 Flashcards
What is a SIEM? (or SEM)
Security Information and Event Manager (SIEM) allows the consolidation of many different logs from different devices, such as servers, firewalls, VPNs, SANs, etc., into a central database.
What is SCAP?
Security Content Automation Protocol (SCAP) is maintained by NIST. It allows different tools to identify vulnerabilities, and act on them, using the same criteria.
What are benchmarks?
Benchmarks are a set of security best practices for a specific device. The device can be an operating system, a cloud provider, a mobile device, etc. A benchmark is the bare minimum for security settings.
What is an agent check?
An agent check is used to check whether a device is in compliance with the security baseline. The agent is installed onto the device, is always running on it, and continuously checks for compliance.
What is an agentless check?
An agentless check runs without performing a formal install. It runs when you first log in to the system, performs the compliance check, and then removes itself from the system. Because it only runs when you log in, it won't always be running on the device checking for compliance.
What is a DLP?
Data Loss Prevention (DLP) monitors sensitive data such as SSNs, credit card numbers, and medical records, and stops that traffic from leaving the system. DLP can be deployed in many places, such as endpoint clients and cloud-based systems (email, cloud storage, etc.).
What is SNMP?
Simple Network Management Protocol (SNMP) is a protocol used for managing and monitoring devices on a network, such as routers, switches, servers, printers, and more. It is used to gather information about the status and performance of networked devices, configure them remotely, and receive alerts when issues occur.