Using Security Tools Flashcards
Netcat can be used to remotely administer systems and also gather information on them, correct?
Would this be a security concern if someone was found to have this on their computer at work?
Yes
And yes, because it can be used to change settings of other machines
The Windows security log is really 3 logs in one, what are they?
Security log
Audit Log
Access Log
A Security Information Management (SIM) solution provides what? It is also used to provide important reports for what?
Long term storage of data along with methods to analyze it looking for trends.
It is also needed to provide reports to verify compliance of laws or regulations
What is the name given to the system that provides real-time monitoring, analysis and notification of security events?
Security Event Management
In a SIEM system, why is Aggregation useful?
It formats the event logs it collects from different sources into a common format, allowing ease of analysis.
In SIEM, the Correlation Engine does what?
Collects and analyzes event data from various systems in the network and sends alerts to admins.
It requires Aggregation to do this
What feature allows a SIEM package to respond by taking protective action, like altering a firewall rule, when it sees a pre-defined series of events?
Automated Triggers
SIEM uses what method to prevent users from modifying log entries?
WORM - Write Once, Read Many
In SIEM, what’s the most important thing to do next after detecting a breach and aggregating logs?
a) event deduplication
b) time synchronization
c) impact assessment
a) event de-duplication