4.4: Explain security alerting and monitoring concepts and tools

Description and Tags

These flashcards cover key concepts related to security alerting and monitoring from the lecture notes.

Last updated 10:12 PM on 3/23/26

10 Terms

1

The core function of a SIEM tool is to __________ data from network sensors and appliance logs.

Collect and correlate

2

Agent-based collection means installing an agent service on each __________.

Host

3

True negatives are a measure of benign events that the system has __________ allowed without raising an alert.

Properly

4

Collection in which hosts push their logs to the SIEM (for example over syslog or SNMP) rather than running an agent, with a process on the management server parsing and normalizing each source, is known as __________-based collection.

Listener/collector

5

__________ refers to normalizing data from different sources so that it is consistent and searchable.

Log aggregation

6

A SIEM correlation rule uses __________ expressions (such as AND and OR, combined with comparison operators like ==, <, > and "contains") to match certain conditions across the collected events.

Logical

7

When an alert is generated but there is no actual threat activity, it is referred to as a __________ positive.

False
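Cards 3, 5, 6 and 7 describe what a SIEM does between collection and alerting: normalize differently formatted sources into one schema (log aggregation), evaluate a correlation rule built from a logical expression, and produce results that an analyst then judges as true or false positives and negatives. The following is an added worked example, not part of the flashcard set or of any SIEM product: a toy pipeline that aggregates constructed sshd syslog lines and constructed JSON application logs, applies the rule "outcome == failure AND at least 5 failures from the same source IP within 60 seconds", and scores each source against a constructed ground truth. The year is an assumption because traditional syslog timestamps omit it; the threshold, window and all IP addresses are illustrative choices.

```python
"""Added example (not from the flashcard set): a toy SIEM pipeline showing
log aggregation, a correlation rule as a logical expression, and the
classification of results as true/false positives and negatives.
All log lines and the ground truth below are constructed sample data."""
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

SYSLOG_YEAR = 2026  # assumption: traditional syslog timestamps carry no year

# Source A (constructed): sshd entries in traditional syslog format.
SYSLOG_LINES = [
    "Mar 23 22:01:05 web01 sshd[4121]: Failed password for root from 203.0.113.7 port 51022 ssh2",
    "Mar 23 22:01:09 web01 sshd[4121]: Failed password for root from 203.0.113.7 port 51024 ssh2",
    "Mar 23 22:01:12 web01 sshd[4121]: Failed password for root from 203.0.113.7 port 51030 ssh2",
    "Mar 23 22:01:15 web01 sshd[4121]: Failed password for root from 203.0.113.7 port 51031 ssh2",
    "Mar 23 22:01:18 web01 sshd[4121]: Failed password for root from 203.0.113.7 port 51033 ssh2",
    "Mar 23 22:05:40 web01 sshd[4190]: Accepted publickey for deploy from 198.51.100.20 port 40112 ssh2",
    "Mar 23 22:20:01 web01 sshd[4307]: Failed password for invalid user admin from 203.0.113.9 port 55001 ssh2",
    "Mar 23 22:33:17 web01 sshd[4388]: Failed password for invalid user admin from 203.0.113.9 port 55002 ssh2",
    "Mar 23 22:47:52 web01 sshd[4452]: Failed password for invalid user admin from 203.0.113.9 port 55003 ssh2",
]
# Source B (constructed): a web application writing JSON lines with its own field names.
APP_JSON_LINES = [
    '{"ts": "2026-03-23T22:02:00Z", "event": "login_failed", "user": "alice", "src": "203.0.113.7"}',
    '{"ts": "2026-03-23T22:10:00Z", "event": "login_ok", "user": "alice", "src": "192.0.2.15"}',
    '{"ts": "2026-03-23T22:30:00Z", "event": "login_failed", "user": "healthcheck", "src": "10.0.0.5"}',
    '{"ts": "2026-03-23T22:30:10Z", "event": "login_failed", "user": "healthcheck", "src": "10.0.0.5"}',
    '{"ts": "2026-03-23T22:30:20Z", "event": "login_failed", "user": "healthcheck", "src": "10.0.0.5"}',
    '{"ts": "2026-03-23T22:30:30Z", "event": "login_failed", "user": "healthcheck", "src": "10.0.0.5"}',
    '{"ts": "2026-03-23T22:30:40Z", "event": "login_failed", "user": "healthcheck", "src": "10.0.0.5"}',
]
# Constructed ground truth used only for scoring the rule's output:
# 10.0.0.5 is a monitoring host with a stale password, not an attacker.
MALICIOUS_IPS = {"203.0.113.7", "203.0.113.9"}

SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed password|Accepted \w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port"
)


def normalize_syslog(line):
    """Map one sshd syslog line onto the common schema; None if it is not an auth event."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{SYSLOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"time": ts, "host": m["host"], "user": m["user"], "src_ip": m["ip"],
            "outcome": "failure" if m["result"].startswith("Failed") else "success"}


def normalize_app_json(line):
    """Map one JSON application log line onto the same schema (different field names)."""
    rec = json.loads(line)
    return {"time": datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ"), "host": "app",
            "user": rec["user"], "src_ip": rec["src"],
            "outcome": "failure" if rec["event"] == "login_failed" else "success"}


def aggregate():
    """Log aggregation: both sources become one time-ordered list with consistent fields."""
    events = [e for e in map(normalize_syslog, SYSLOG_LINES) if e]
    events += [normalize_app_json(line) for line in APP_JSON_LINES]
    return sorted(events, key=lambda e: e["time"])


THRESHOLD = 5                   # illustrative rule parameters
WINDOW = timedelta(seconds=60)


def correlate(events):
    """Correlation rule: outcome == "failure" AND count(src_ip) >= THRESHOLD within WINDOW.
    Returns the set of source IPs for which an alert fires."""
    failures = defaultdict(list)
    for e in events:
        if e["outcome"] == "failure":
            failures[e["src_ip"]].append(e["time"])  # already sorted by time
    alerted = set()
    for ip, times in failures.items():
        start = 0
        for end in range(len(times)):             # sliding window over that IP's failures
            while times[end] - times[start] > WINDOW:
                start += 1
            if end - start + 1 >= THRESHOLD:
                alerted.add(ip)
                break
    return alerted


def classify(alerted, all_ips, malicious_ips):
    """Score each source: alerted+malicious = true positive, alerted only = false positive,
    malicious only = false negative, neither = true negative (benign, properly allowed)."""
    verdicts = {}
    for ip in all_ips:
        hit, bad = ip in alerted, ip in malicious_ips
        verdicts[ip] = ("true positive" if hit and bad else "false positive" if hit
                        else "false negative" if bad else "true negative")
    return verdicts


def run():
    events = aggregate()
    return classify(correlate(events), {e["src_ip"] for e in events}, MALICIOUS_IPS)


if __name__ == "__main__":
    for ip, verdict in sorted(run().items()):
        print(f"{ip:15} {verdict}")
```

Two outcomes are worth noticing. The monitoring host 10.0.0.5 trips the rule and becomes a false positive (card 7): the fix is tuning the rule or the source, not ignoring the alert. The slow attacker 203.0.113.9 stays under the threshold and is a false negative, which no amount of alert tuning on this one rule will catch; a second rule with a longer window, or a different indicator, is needed.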

8

A SIEM can assist with __________ activity by exporting summary statistics and graphs.

Reporting

9

SIEM performance will degrade if an excessive amount of __________ is kept available for live analysis rather than being archived under a retention policy.

Data

10

One of the functions of a vulnerability scan is to assess the configuration of security __________ and application settings.

Controls