Hello and welcome back to Cybrary's 2019 CompTIA Security+ Certification.
We're going to continue our discussion on Module 2,
and the topic of discussion is Domain 2:
Technologies and Tools. Here again is one of the objectives of this particular domain. This is one of many that we will be highlighting during this particular course of instruction. In fact,
we look at 2.1, titled: Install and configure
network components, both hardware- and software-based, to support organizational security.
So let's now turn our attention toward a pre-assessment quiz.
When looking at this particular question, you need to determine whether the statement is true or false.
So without further ado, let's begin by first taking a look at the question itself.
The statement says that a security information and event management solution is a centralized repository of your logs and activities. Is that true or false?
If you said that it's true, you're absolutely correct.
Continuing our discussion in this particular video, here again what we have titled here is an objective.
Now within this objective, these are the topics which we're going to highlight during this particular video.
We begin by first taking a look at SIEMs and the following items, which encompass it in terms of aggregation, correlation, and also logs and WORM. So without further ado, let's begin by first defining, or in fact describing, exactly what a security information and event management system is all about.
The first thing I want to point out is that it provides
real-time or near-real-time analysis of security alerts generated by your network hardware and applications.
In fact, the security information and event management system is becoming an IT best practice for regulated industries. It's an audit compliance requirement that supports IT service reliability by maximizing event log value, and it is used to aggregate, decipher, and normalize
nonstandard log formats. It can also
filter out your false positives as well.
So let's now turn our attention towards some concepts
that fall within the parameters of SIEMs.
We have a term called aggregation.
In this case, the SIEM system can move log files and data from multiple sources to a common repository.
The SIEM system uses a correlation engine to correlate events from multiple systems.
Then we have automated alerting and triggering.
In this case, it can install agents on several devices so that the SIEM system is alerted when several events occur.
Then we have time synchronization. The SIEM server relies on time synchronization from a stratum zero or an atomic clock time source so that the time can be synchronized and events can be put into what we call chronological order.
Then we have an additional concept you need to understand. This one in particular is called event deduplication.
That means it is used to merge identical alerts to reduce the amount of storage required to store log data.
Then we have logs and WORM. In other words, in computer storage media, WORM, or write once read many, is a data storage technology that allows information to be written to a disk a single time and prevents the drive from erasing that data.
This brings us now to a post-assessment quiz,
and the question is as follows. In fact, it's multiple choice.
You are an auditor of a large multinational corporation, and the SIEM has been finding vulnerabilities on a server.
Manual inspection proved that it has been fully hardened and has no vulnerabilities. What are two main reasons why your SIEM is producing this output? A: there was a zero-day virus. B: false negatives. C: false positives. Or D: the wrong filter was used to audit.
If you selected C and D, you're absolutely correct.
If we're using the wrong configuration on the SIEM server, we would get poor monitoring, resulting in false positives.
So the correct answers should be C and D,
and the wrong answers would be A and B.
So let's take a look at key takeaways from this particular video.
We learned that a security information and event management solution is a centralized repository of your logs and activities.
We learned that a SIEM relies on time synchronization from a stratum zero or atomic clock time source so that time can be synchronized and events can be put into chronological order.
We learned that event deduplication is used to merge identical alerts and to reduce the amount of storage required to store log data.
In our upcoming video, we continue our discussion of 2.2, which is titled: Given a scenario, use appropriate software tools to assess the security posture of an organization.
I look forward to seeing you in the very next video.
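Added example, not part of the video or of Cybrary's material: a small Python sketch of the SIEM concepts the lecture lists. Constructed log lines from three sources in two different formats are normalized to one shape, timestamps are moved onto a common UTC clock, identical events are deduplicated, and a correlation rule raises a single alert only when failures from more than one source precede a success for the same user. The log formats, field names, and thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample logs: three sources, two non-standard formats (key=value in UTC, CSV with a local offset).
RAW_LOGS = [
    ("fw01", "2024-03-01T10:00:01Z auth_fail user=alice src=10.0.0.5"),
    ("fw01", "2024-03-01T10:00:01Z auth_fail user=alice src=10.0.0.5"),  # exact duplicate
    ("vpn", "03/01/2024 05:00:05 -0500,auth_fail,alice,10.0.0.5"),
    ("vpn", "03/01/2024 05:00:09 -0500,auth_fail,alice,10.0.0.5"),
    ("app", "2024-03-01T10:00:20Z auth_ok user=alice src=10.0.0.5"),
]

def normalize(source, line):
    """Parse either format into one common event shape, with the timestamp moved to UTC."""
    if source == "vpn":
        stamp, action, user, src = line.split(",")
        when = datetime.strptime(stamp, "%m/%d/%Y %H:%M:%S %z")
    else:
        stamp, action, user, src = re.match(r"(\S+) (\S+) user=(\S+) src=(\S+)", line).groups()
        when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": when.astimezone(timezone.utc), "source": source, "action": action, "user": user, "src": src}

def aggregate(raw_logs):
    """Aggregation: normalize every source, drop identical events (deduplication), sort chronologically."""
    seen, events = set(), []
    for source, line in raw_logs:
        event = normalize(source, line)
        key = (event["ts"], event["source"], event["action"], event["user"], event["src"])
        if key not in seen:  # deduplication: identical alerts are merged into one
            seen.add(key)
            events.append(event)
    events.sort(key=lambda e: e["ts"])  # time synchronization makes this ordering meaningful
    return events

def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Correlation rule: `threshold` failures for one user from more than one source within
    `window`, followed by a success for that user, raises a single alert."""
    failures, alerts = defaultdict(list), []
    for event in events:
        if event["action"] == "auth_fail":
            failures[event["user"]].append(event)
        elif event["action"] == "auth_ok":
            recent = [f for f in failures[event["user"]] if event["ts"] - f["ts"] <= window]
            sources = sorted({f["source"] for f in recent})
            if len(recent) >= threshold and len(sources) > 1:
                alerts.append({"user": event["user"], "failures": len(recent), "sources": sources})
    return alerts
```

Raising the threshold or narrowing the window is the kind of tuning that trades false positives against false negatives, which is what the post-assessment question is getting at.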