Network Logging and Monitoring Flashcards
Only routers can stop broadcast traffic. TRUE of FALSE?
False. Switches can too but not by default
What’s the name of Microsoft’s graphical utility used to capture network traffic called? In order to use it what capability does your NIC need to have?
Network Monitor
NIC needs to operate in promiscuous mode
What OSI layer does SNMP work at?
Layer 7
SNMP agents send what kind of messages about them to the what?
SNMP Trap messages to the Network Management Station (NMS)
The NMS solicits for what on an SNMP agent using what type of message?
Solicits for an Object ID (OID) using SNMP GET
In SNMP, what are SET messages used for?
configuring agents
What SNMP message gathers many types of info at once to cut down on multiple GET messages?
GET BULK
Which version of SNMP uses plain-text authentication with MD5/SHA, no encryption and uses UDP by default?
SNMPv2c
what utility allows you to log events based on 8 (0-7) severity levels?
syslog
By default, what two places do all system messages and debug output generated by the IOS go out of?
Console Port and RAM buffer
List the top 4 (by urgency) severity states by number and description
0 - Emergency (lowest level)
1 - Alert
2 - Critical
3 - Error
List the lower 4 severity states by number and description
4 - Warning
5 - Notification
6 - Information
7 - Debugging
If you configure severity level 03, what levels of severity will you be notified on?
0 through 3
SIEM provides what?
real-time analysis of security alerts generated by network hardware applications
Regarding security event management:
What term is used to describe the long-term storage, analysis and reporting on log data?
What term is used to describe the management of real-time monitoring and correlation of events?
Security Information Management (SIM)
Security Event Management
(SIM, SEM and SIEM are often used interchangeably)
What software monitoring products are used exclusively by security network admins?
SIEM (security information and event management) software products
When I a SIEM alert is triggered and notification generated, who typically addresses the problem?
The Security Operations Centre
List the 3 types of system event logs?
1) Application
2) Security
3) System
Windows Server 2008 offered what optional monitoring and optimization tool?
System Centre Operations Manager 2010
Utilization cover what 3 things?
1) Wired/Wireless Bandwidth utilisation
2) Server/Host activity utilisation
3) wireless channel utilisation
what standard, originally developed for the sendmail project and used by Unix facilitates the transmission of log entries generated by a device across an IP network to a message collector?
Syslog
Which Microsoft tool checks the baseline configuration for it’s operating systems?
MS Baseline Security Analyzer (MBSA). But now replaced by Microsoft Security Compliance Toolkit (SCT)
Which Microsoft application is used for all kinds of Microsoft OS and product updates and which is used for application patches?
WSUS (Windows Server Update Services) for OS updates
SCCM (Systems Centre Configuration Manager)
log entry, sending an email, or sending a text message in response to an alert are forms of what?
Notifications
