siem

Question 1

SIEM

Answer 1

Security information and event management, SIM+SEM together

Question 2

SIM

Answer 2

Security information management

Question 3

SEM

Answer 3

Security event information

Question 4

SIM definition

Answer 4

The practice of collecting, monitoring, and analyzing data from computer logs

Question 5

SEM definition

Answer 5

The process of collecting, monitoring, and analyzing data from events in software, system, and IT environment

Question 6

Types of logs to capture

Answer 6

Application logs, system logs, and host activity

Question 7

Application logs

Answer 7

Logs modification of applications and changing records

Question 8

System logs

Answer 8

Logs who logged into system and what actions they performed

Question 9

Host activity

Answer 9

Machines starting up, rebooting, shutting down, changes to configs, and disk space

Question 10

SIEM collects data from

Answer 10

Firewalls, intrusion detection systems, intrusion prevention systems, and application servers

Question 11

Security intrusion

Answer 11

A security event, or a combination events, that constitutes a security incident in which an intruder
gains, or attempts to gain, access to a system (or system resource) without having authorization to do so

Question 12

Intrusion detection

Answer 12

A security service that monitors and analyzes system events for the purpose of finding, and providing real-time or near real-time warning of, attempts to access system resources in an unauthorized
manner

Question 13

Intrusion detection system

Answer 13

Notifies that an unusual activity has occurred and is usually placed behind the firewall

Question 14

Parts of IDS

Answer 14

Sensors, analyzers, and user interface

Question 15

IDS sensors

Answer 15

Collect data from network packets, logs files, and system call traces

Question 16

IDS analyzers

Answer 16

Determine if intrusion has occurred based on data from sensors and can send alerts or rocommendations

Question 17

IDS user interface

Answer 17

View output and control system behavior

Question 18

3 classifications of IDS

Answer 18

Host-based (HIDS), network-based (NIDS), and distributed/hybrid

Question 19

HIDS

Answer 19

Monitors the characteristics of a single host for suspicious activity

Question 20

NIDS

Answer 20

Monitors network traffic and analyzes network, transport, and application protocols to identify suspicious activity on the perimeter security

Question 21

Distributed/hybrid IDS

Answer 21

Combines information from a number of sensors, often both host and network based, in a central analyzer that is able to better identify and respond to intrusion activity

Question 22

What are the 2 interfaces for NIDS?

Answer 22

One for monitoring/watching traffic, other for accessing reports

Question 23

NID sensors

Answer 23

Inline sensor and passive sensor (more common)

Question 24

Inline sensor

Answer 24

Inserted into network segment so traffic must go through it and part of a firewall

Question 25

Passive sensor

Answer 25

Monitors a copy of the network traffic with no extra step in handling live data to contribute to a packet delay