Using Security Tools

Question 1

Netcat can be used to remotely administer systems and also gather information on them, correct?
Would this be a security concern if someone was found to have this on their computer at work?

Answer 1

Yes

And yes, because it can be used to change settings of other machines

Question 2

The Windows security log is really 3 logs in one, what are they?

Answer 2

Security log
Audit Log
Access Log

Question 3

A Security Information Management (SIM) solution provides what? It is also used to provide important reports for what?

Answer 3

Long term storage of data along with methods to analyze it looking for trends.
It is also needed to provide reports to verify compliance of laws or regulations

Question 4

What is the name given to the system that provides real-time monitoring, analysis and notification of security events?

Answer 4

Security Event Management

Question 5

in an SIEM system, why is Aggregation useful?

Answer 5

It formats event logs it collects from different sources into a common format allowing ease of analysis

Question 6

in SIEM, the Correlation Engine does what?

Answer 6

collects and analyzes event data from various systems in the network and sends alerts to admins.
It requires Aggregation to do this

Question 7

What feature allows an SIEM package to respond by taking protective action, like altering a firewall rule, when it sees a pre-defined series of events?

Answer 7

Automated Triggers

Question 8

SIEM uses what method to prevent users from modifying log entries?

Answer 8

WORM - Write Once, Read Many

Question 9

In SIEM, what’s the most important thing to do next after detecting a breach and aggregating logs?

a) event deduplication
b) timesynchronization
c) impact assessment

Answer 9

a) event de-duplication