Copyright Goodheart-Willcox Co., Inc. 94

Log Management

Log management is the process of generating, transmitting, analyzing, archiving, and disposing of log data. Log management software (LMS) enables aggregation of files from endpoint devices so the security posture of an organization can be monitored to support investigation of network events.

Log analysis is the process of setting policies regarding the collection, review, and analysis of log data. Log analysis can occur at different stages of a data life cycle. Reviewing logs in real time should focus on identification of vulnerabilities and threats so that immediate remediation can be initiated.

Viewing Event Logs

Event log data can be reviewed in Windows using Event Viewer, a versatile program that allows administrators to view, save, and back up log files. When Event Viewer is first opened, the main screen provides a dashboard for quick analysis. Multiple logs from different machines can be forwarded to one combined log: with Event Viewer, other hosts can be set up to forward entire logs or specific events to a single source log. Organizations can also back up log data.

REVIEW QUESTIONS

1. Summarize the reasons to perform a security evaluation.
2. Discuss threat hunting.
3. List three sources for obtaining cyber threat intelligence.
4. Explain the use of a vulnerability scan as a component of a security assessment.
5. Identify and explain four types of vulnerability scanning techniques.
6. Summarize penetration testing.
7. State the difference between the three types of pen tests.
8. Which team for penetration testing is known as the defensive security professionals?
9. State the difference between passive and active reconnaissance.
10. Briefly explain three types of penetration techniques.
11. Summarize penetration testing cleanup.
12. Discuss the importance of system baselines and performance monitoring.
13. List four components a Performance Monitor tracks.
14. Identify and explain five types of log files.
15. Summarize syslog.
16. Identify and explain four of the features of a security information and event management (SIEM) system.
17. What two components create the blended SIEM product?
18. Summarize SOAR.
19. Discuss log management.
20. Explain viewing of event logs.
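The Viewing Event Logs section above describes forwarding logs from several hosts into one combined log. As an added example (not from the textbook), the following PowerShell script, run on the collector that receives the forwarded events, checks that every expected host is still forwarding and lists a few security-relevant event IDs for real-time review; the host names, time window and watched IDs are assumed values to replace with your own.

```powershell
# Added example, not from the textbook. Assumes it runs on the collector host
# where forwarded events land in the "ForwardedEvents" log (the default for
# Windows Event Forwarding subscriptions).
param(
    [string[]]$ExpectedHosts = @('WS01', 'WS02', 'SRV01'),  # constructed sample names
    [int]$MaxSilenceHours = 4,                              # assumed threshold
    [int[]]$WatchIds = @(4625, 1102)   # 4625 = failed logon, 1102 = audit log cleared
)

$since = (Get-Date).AddHours(-$MaxSilenceHours)

# Pull everything forwarded inside the window. An empty log makes Get-WinEvent
# raise an error rather than return nothing, so that case is silenced here.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'ForwardedEvents'; StartTime = $since } `
                       -ErrorAction SilentlyContinue

# 1. Which forwarders have gone silent? A host that stops sending is itself a
#    finding: the subscription may be broken, the host may be down, or logging
#    on that host may have been disabled.
$seen = @{}
foreach ($e in $events) {
    $seen[$e.MachineName.Split('.')[0].ToUpper()] = $true
}
$silent = $ExpectedHosts | Where-Object { -not $seen.ContainsKey($_.ToUpper()) }
if ($silent) {
    Write-Warning "No events in the last $MaxSilenceHours h from: $($silent -join ', ')"
}

# 2. Event volume per source host, so a sudden spike or drop from one machine
#    stands out against the others.
$events | Group-Object MachineName | Sort-Object Count -Descending |
    Select-Object @{ n = 'Host'; e = { $_.Name } }, Count |
    Format-Table -AutoSize

# 3. The watched security IDs, oldest first, for immediate review.
$events | Where-Object { $_.Id -in $WatchIds } |
    Select-Object TimeCreated, MachineName, Id, ProviderName |
    Sort-Object TimeCreated |
    Format-Table -AutoSize
```

Save the script as a .ps1 file and run it from an elevated PowerShell session on the collector; reading the ForwardedEvents log requires event log read rights.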