Security Monitoring and Alerting Flashcards
Which form of monitoring leverages lightweight software on the devices or virtual machines to track their uptime and performance?
A. Agent-based monitoring
B. Clientless monitoring
C. Agentless monitoring
D. API-based monitoring
A. Agent-based monitoring
This method involves deploying software agents on the devices or virtual machines. These agents collect performance data and send it to a central monitoring system.
What is a solution that helps enterprises detect, analyze, and respond to security threats before they affect business operations, by gathering event log data from a range of sources and recognizing, in real time, activity that diverges from the norm?
A. SNMP
B. SIEM
C. SCAP
D. SOAR
B. SIEM (Security Information and Event Management)
SIEM solutions collect, analyze, and correlate log data from various sources to identify security threats. They can detect anomalous behavior and trigger alerts in real time.
Which authentication model is used in SNMPv3?
A. User and group based
B. Anomaly based
C. Community based
D. Passphrase based
A. User and group based
Which SCAP specification is a standardized method of describing and identifying classes of applications, operating systems, and hardware devices present among an enterprise’s computing assets?
A. Open checklist interactive language (OCIL)
B. Common platform enumeration (CPE)
C. Trust model for security automation data (TMSAD)
D. Software identification (SWID) tagging
B. Common platform enumeration (CPE)
CPE is a standardized method for describing and identifying classes of applications, operating systems, and hardware devices. It provides a consistent way to categorize and identify software and hardware products, making it easier to manage and assess security risks.
Which feature of anti-virus software uses human-defined rules to dynamically find code with suspicious structure and behavior?
A. Sandbox analysis
B. Cloud analysis
C. Heuristic detection
D. User behavioral analytics
C. Heuristic detection
Heuristic detection uses a set of predefined rules to analyze the behavior and characteristics of software to identify potential threats. These rules are designed to detect suspicious patterns and anomalies, even if the specific malware hasn’t been seen before.
Which is a collection of software services and tools that allows organizations to simplify and aggregate security operations in the areas of threat and vulnerability management, incident response, and security operations automation?
A. SOAR
B. SNMP
C. SIEM
D. SCAP
A. SOAR (Security Orchestration, Automation, and Response)
SOAR platforms are designed to streamline and automate security operations, helping organizations to respond more quickly and effectively to security threats. They integrate with various security tools, including SIEM, to provide a unified approach to security management.
With traditional NetFlow services, a flow is technically defined by its 5-tuple, a collection of five data points. Which are valid data points in a NetFlow record? Choose all that apply.
A. Destination IP addresses
B. Protocol
C. Source and destination ports
D. MAC address
E. 802.1Q VLAN ID
F. Source IP addresses
A. Destination IP addresses
B. Protocol
C. Source and destination ports
F. Source IP addresses
What is the process of accumulating, categorizing, standardizing, and consolidating log data from across an IT infrastructure to enable and enhance streamlined log analysis?
A. Collaboration
B. Aggregation
C. Deduplication
D. Obfuscation
B. Aggregation
Aggregation is the process of collecting and combining log data from various sources into a centralized repository. This process involves categorizing and standardizing the data to ensure consistent formatting and structure, making it easier to analyze and correlate events.