32 Questions
What is the primary function of a Security Information and Event Manager (SIEM)?
To consolidate logs from different devices
What is the purpose of a facility code in a Syslog log entry?
To identify the program that created the log entry
Which of the following is NOT a popular syslog daemon for Linux devices?
syslog
What is the benefit of using a SIEM to consolidate log files from different devices?
To make it easier to search and analyze log data
What is the purpose of a severity level in a Syslog log entry?
To indicate the level of importance of the log entry
What is the primary benefit of using Syslog to transfer log files?
To allow for centralized log collection and consolidation
What is the primary purpose of the journalctl utility in Linux?
To query the system journal for log information
What type of logs are specific to the operating system itself?
System logs
What is the primary reason for monitoring bandwidth usage?
To qualify available bandwidth for applications
What protocol is used for bandwidth monitoring?
All of the above
What type of information is contained in the headers of an email message?
All of the above
What is the purpose of metadata in files?
To describe other types of data
What type of information can be stored in the metadata of a picture taken on a mobile device?
All of the above
What type of information is transferred in the metadata of a web browser connection?
All of the above
What type of information can be found in the metadata of a Microsoft Office document?
All of the above
What format are Linux system logs stored in?
Binary format
What can you see in the details of an email message?
The return path and other validation details
What is the primary function of NetFlow?
To gather network statistics from switches and routers
What is the architecture of NetFlow?
Probe and collector are separated
What is the primary purpose of protocol analyzers?
To troubleshoot complex application problems
What is IPFIX?
A newer version of NetFlow
Why is sFlow used?
To reduce the resources required for network traffic analysis
What type of networks can protocol analyzers be used on?
Both wireless and wired networks, as well as wide area networks
What can you infer from sFlow devices?
Relatively accurate statistics from sampled traffic
What feature of protocol analyzers allows users to view specific information?
Packet filtering
What is the purpose of a protocol analyzer?
To get detailed information of network traffic
What information is provided by the protocol decodes on a protocol analyzer?
A plain English breakdown of network traffic
What is shown in the NetFlow collector front end?
Top 10 conversations and top 10 endpoints by bandwidth
What information can be seen in the packet by packet breakdown of a protocol analyzer?
Delta times, source IP addresses, source port numbers, and other information
What is the advantage of IPFIX over NetFlow?
It provides more flexibility in data collection
What is the benefit of using a protocol analyzer to troubleshoot network issues?
It provides a detailed breakdown of network traffic, making it easier to identify issues
Why is NetFlow a well-established standard?
It is compatible with devices from many manufacturers
Learn about Syslog, a standard method for transferring log files from devices to a centralized database, and its integration with Security Information and Event Managers (SIEM).
Make Your Own Quizzes and Flashcards
Convert your notes into interactive study material.
Get started for free