Prof Messer CompTIA Security+ SY0-701 - 4.9

Last updated 1:51 AM on 5/29/26

11 Terms

1. security log files

blocked and allowed traffic flows, exploit attempts, blocked URL categories, etc.

critical security info

- documentation of every traffic flow

- summary of attack info

- correlate with other logs

2. firewall logs

traffic flows through the firewall

- source/destination IP, port numbers, etc.

NGFW

- apps used, URL filtering categories, anomalies and suspicious data

3. application logs

specific to the app

Windows

- Event Viewer / application log

Linux/macOS

- /var/log

parse details in a SIEM tool

4. endpoint logs

lots of data

- logon events, policy changes, system events, processes, account management, etc.

attackers often gain access to endpoints

everything rolls up into the SIEM

correlate with log data from other devices

5. OS-specific security logs

OS security events

- monitoring apps, brute force, file changes, auth details, etc.

might help you find problems before they happen

- signs of an attack, etc.

may require filtering

- don't send everything to the SIEM

6. IPS/IDS logs

usually integrated into a NGFW

contain info about predefined vulnerabilities

- known OS vulnerabilities, generic security events

correlate with other log info on the SIEM

common data points

- timestamp

- type or class of attack

- source and destination IP

- source and destination port #

7. network logs

switches, routers, VPN concentrators, etc.

network changes

- routing updates

- auth issues

- network security issues

8. metadata

data that describes other data sources/files

ex:

email

- header details, sending servers, destination address, etc.

mobile

- type of phone, GPS location, etc.

web

- OS, browser type, IP address

9. vulnerability scan log info

lack of security controls

- no firewall, antivirus, antispyware

misconfigurations

- open shares

- guest access

real vulnerabilities

- need to be patched

10. dashboards

real time status info

customize info on screen

shows most important data

11. packet captures

gather packets on the network

view detailed traffic information

- identify unknown traffic

- verify security controls