Using Security Tools Flashcards

1
Q

Netcat can be used to remotely administer systems and also gather information on them, correct?
Would this be a security concern if someone was found to have this on their computer at work?

A

Yes

And yes, because it can be used to change settings on other machines.

2
Q

The Windows security log is really 3 logs in one. What are they?

A

Security log
Audit Log
Access Log

3
Q

A Security Information Management (SIM) solution provides what? It is also used to provide important reports for what?

A

Long-term storage of data, along with methods to analyze it looking for trends.
It is also needed to provide reports that verify compliance with laws or regulations.

4
Q

What is the name given to the system that provides real-time monitoring, analysis and notification of security events?

A

Security Event Management

5
Q

In a SIEM system, why is Aggregation useful?

A

It formats the event logs it collects from different sources into a common format, which makes analysis easier.

6
Q

In SIEM, what does the Correlation Engine do?

A

Collects and analyzes event data from various systems on the network and sends alerts to admins.
It requires Aggregation to do this.

7
Q

What feature allows a SIEM package to respond by taking protective action, such as altering a firewall rule, when it sees a pre-defined series of events?

A

Automated Triggers

8
Q

SIEM uses what method to prevent users from modifying log entries?

A

WORM - Write Once, Read Many

9
Q

In SIEM, what is the most important thing to do next after detecting a breach and aggregating logs?

a) event deduplication
b) time synchronization
c) impact assessment

A

a) event de-duplication
