Copyright Goodheart-Willcox Co., Inc.

Chapter 3 Security Evaluation

LEARNING OUTCOMES
■■ Summarize reasons to perform a security evaluation.
■■ Discuss threat hunting.
■■ Explain the use of a vulnerability scan as a component of a security assessment.
■■ Summarize penetration testing.
■■ Differentiate between passive and active reconnaissance.
■■ Recognize types of penetration techniques.
■■ Summarize penetration testing cleanup.
■■ Discuss the importance of system baselines and performance monitoring.
■■ Identify and explain types of log files.
■■ Summarize syslog.
■■ Identify the features of a security information and event management (SIEM) system.
■■ Summarize SOAR.
■■ Discuss log management.
■■ Explain viewing of event logs.

CHAPTER KEY TERMS
active reconnaissance
application scanning
automated alert and trigger
banner grabbing
baseline
black box test
Common Vulnerabilities and Exposures (CVE)
Common Vulnerability Scoring System (CVSS)
configuration-compliance scanner
configuration review
credentialed scan
data input
escalation of privilege
ethical hacking
event deduplication
false negative
false positive
footprinting
gray box test
initial exploitation
intelligence fusion
intrusive test
lateral movement
log aggregation
log analysis
log collector
log file
log management
log review
network vulnerability scanner
noncredentialed scan
non-intrusive test
NXlog
orchestration
packet capture
passive reconnaissance
penetration exercise
penetration testing
penetration testing authorization
persistence
pivot
port scanner
port scanning
PowerShell
predictive analysis
rules of engagement (RoE)
rsyslog
security assessment
security automation
security information and event management (SIEM) system
sentiment analysis
SIEM correlation
SIEM dashboard
SIEM log
SMTP querying
SOAR
system logging protocol (syslog)
time synchronization
threat hunting
threat intelligence feed