A technology firm's network security specialist notices a sudden increase in unidentified activities on the firm's Security Information and Event Management (SIEM) incident tracking system. An unknown entity or process also increases the number of reported incidents. The specialist decides to investigate these incidents. Which combination of data sources would provide a balanced perspective to support the investigation?

a. Gateway logs, which track incoming and outgoing network traffic; network interactions monitored by intrusion detection systems (IDS), which detect unauthorized activities; and logs from server OS components.
b. System-specific security logs, which track system-level operations; logs generated by applications running on hosts; and real-time reports from the SIEM solution, summarizing incidents.
c. User activity logs, which record user behaviors; daily summary reports from the SIEM solution; and high-level network overviews, providing a broad view of network activities.
d. Logs from vulnerability assessment tools, which identify potential weaknesses; transaction logs from databases, tracking changes; and logs from mobile devices, recording device activities.

by User Binbin (7.4k points)

1 Answer

Final answer:

To investigate unidentified activities in a technology firm's SIEM system, a network security specialist should review gateway logs, IDS logs, and server OS component logs for comprehensive insights into potential security incidents.

Step-by-step explanation:

To support the investigation of the sudden increase in unidentified activities reported by a Security Information and Event Management (SIEM) incident tracking system, a network security specialist should examine a combination of data sources that provide a balanced perspective. The combination that would serve best includes:

  • Gateway logs, which track incoming and outgoing network traffic.
  • Network interactions monitored by intrusion detection systems (IDS), which detect unauthorized activities.
  • Logs from server OS components, detailing system interactions and anomalies.

This collection of data sources integrates information from the edge of the network with internal server events, offering comprehensive insights into potential security incidents. Gateway logs reveal traffic patterns that may signal reconnaissance or data exfiltration attempts. IDS logs provide evidence of intrusion attempts or abnormal network behavior, and server OS logs pinpoint system-level operations that could indicate compromise or misuse.

by User Reedy (7.8k points)
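The answer's point is that an incident becomes credible when the network edge (gateway), the IDS and the server itself all agree. As an added example that is not part of the original question or answer, the script below correlates constructed sample lines from those three sources by external source address and internal host, and flags only pairs that at least two sources corroborate; the log formats and field names are assumptions, not those of any real product.

```python
"""Added example: corroborate a SIEM incident across gateway, IDS and
server OS logs. All log lines are constructed sample data; the key=value
format and field names are assumed for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed samples: gateway flow log, IDS alert log, server OS auth log.
GATEWAY_LOG = """\
2024-05-01T10:00:05Z src=203.0.113.7 dst=10.0.0.5 dport=22 action=allow
2024-05-01T10:00:09Z src=203.0.113.7 dst=10.0.0.5 dport=22 action=allow
2024-05-01T10:07:00Z src=198.51.100.2 dst=10.0.0.9 dport=443 action=allow"""
IDS_LOG = """\
2024-05-01T10:00:07Z alert=ssh_bruteforce src=203.0.113.7 dst=10.0.0.5"""
OS_LOG = """\
2024-05-01T10:00:12Z host=10.0.0.5 event=auth_failure user=root src=203.0.113.7
2024-05-01T10:00:14Z host=10.0.0.5 event=auth_success user=root src=203.0.113.7"""

def parse_kv(text, source):
    """Turn 'timestamp key=val key=val' lines into dicts tagged with their source."""
    events = []
    for line in text.splitlines():
        ts, *pairs = line.split()
        ev = dict(p.split("=", 1) for p in pairs)
        ev["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        ev["source"] = source
        events.append(ev)
    return events

def correlate(events, window=timedelta(minutes=5)):
    """Group events by (external src, internal host); an incident is
    corroborated when two or more distinct sources saw the pair within
    `window` of its first event."""
    by_key = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["src"], ev.get("dst") or ev.get("host"))  # OS logs name the host
        by_key[key].append(ev)
    incidents = []
    for (src, host), evs in by_key.items():
        start = evs[0]["ts"]
        in_window = [e for e in evs if e["ts"] - start <= window]
        sources = sorted({e["source"] for e in in_window})
        incidents.append({"src": src, "host": host, "sources": sources,
                          "corroborated": len(sources) >= 2})
    return incidents

def triage():
    """Parse all three sources and return the correlated incident list."""
    events = (parse_kv(GATEWAY_LOG, "gateway") + parse_kv(IDS_LOG, "ids")
              + parse_kv(OS_LOG, "os"))
    return correlate(events)
```

Running `triage()` on the sample data yields one corroborated incident (the SSH brute force seen by all three sources) and one single-source flow that stays below the escalation bar.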