3.3

Question 1

Whats log management?

Answer 1

It’s a very diverse log sources which usually are sent via syslog and it requires a massive storage which also makes data rollup important.

Question 2

Whats port scanning?

Answer 2

It’s finding devices and identify ports(Nmap).

Question 3

Whats vulnerability scanning?

Answer 3

By using a vulnerability scanner, we can poke around and see whats open, identify systems and security devices. This is done from the inside and the outside.

Question 4

What does a vulnerability scan result help with?

Answer 4

1. Shows the lack of security control(no firewall, no anti-virus, no anti-spyware)
2. Shows misconfigurations (open shares and guest access)

Question 5

Whats patch management?

Answer 5

It helps with system stability and security fixes which are incredibly important and if its more than one patch at a time, we get them in service packs all at once like windows monthly updates(incremental).

Question 6

Whats rollback option?

Answer 6

The reverse of patch management (helps with going back to normal if one of the patches cause problems.)

Question 7

Whats baseline review?

Answer 7

Reviewing baseline helps you to understand what the normal operation of your network might be over time.

Question 8

What is protocol analyzer used for?

Answer 8

It helps to solve complex application issues since it can get into the details by gathering packets on the network and they view traffic patterns.

Question 9

Whats interface monitoring?

Answer 9

It’s used to see if a device is up or down.

Question 10

Whats alerting in interface monitoring?

Answer 10

It’s a basic automated function we create to warn the user about the malfunction and sent to them via email or sms.

Question 11

Whats SIEM?

Answer 11

(Security Information and Event Management)

1. It helps with real-time info and security alerts.
2. It also helps with log aggregation and lon-term storage.
3. We can create data correlation.
4. It helps with Forensic analysis by gathering details after an event.

Question 12

Whats syslog?

Answer 12

It’s the standards for message logging that works on different systems and they use syslog protocols to send data to the SIEM and that means a lot of disk space.

Question 13

Whats the difference between SIEM dashboard and SIEM logs?

Answer 13

SIEM logs show a lot of details while SIEM dashboard gives you a broader view.

Question 14

Whats SNMP?

Answer 14

(Simple Network Management Protocol) Another way to monitor the network and all of the devices is to proactively query those devices for more information.

Question 15

Whats MIB?

Answer 15

(Management Information Base) It’s a collection database of data

Question 16

Whats error rate?

Answer 16

We can monitor interfaces for errors. We can look at those error rates over time, and we can see exactly the specific error that may be occurring.

Question 17

Whats utilization?

Answer 17

another good monitoring statistic is to evaluate how much traffic is going through a particular interface and gather utilization details on every single interface on our network.

Question 18

What are packet drops?

Answer 18

These errors occur when the problem isn’t associated with the packet, but instead is associated with the system’s ability to process that packet.

Question 19

Whats the difference between bandwidth and throughput?

Answer 19

Throughput is an actual measure of how much data is successfully transferred from source to destination, and bandwidth is a theoretical measure of how much data could be transferred from source to destination.