Time
33 hours 23 minutes
Difficulty
Beginner
CEU/CPE
33

Video Transcription

00:00
Hello and welcome back to Cybrary's 2019 CompTIA Security+ Certification
00:08
Preparation course.
00:10
We're going to turn our discussion to Module 2,
00:13
and the topic of discussion is Domain 2:
00:16
Technologies and Tools. Here again, this is one of the objectives of this particular domain. This is one of many that we will be highlighting during this particular course of instruction. In fact,
00:27
we look at 2.1, titled: install and configure
00:31
network components, both hardware- and software-based, to support organizational security.
00:37
So let's now turn our attention toward a pre-assessment quiz.
00:41
What you need to determine here, when looking at this particular question, is whether or not the statement is either true
00:48
or false.
00:50
So without further ado, let's begin by first taking a look at the statement itself.
00:55
The statement says that a security information and event management solution is a centralized repository of your logs and activities. Is that true or false?
01:07
If you said that it's true, you're absolutely correct.
01:10
Continuing our discussion in this particular video, here again, what we have titled here is an objective,
01:17
now within this objective. These are the topics which we're going to highlight during this particular video.
01:22
We'll begin by first taking a look at SIEMs and take a look at the following items, which encompass them in terms of aggregation, correlation, all the way down to logs and WORMs. So without further ado, let's begin by first defining, or in fact describing, exactly what a security information and event management system is all about.
01:41
First thing I want to point out is that it provides
01:44
real-time or near-real-time analysis of security alerts generated by your network hardware and applications.
01:51
In fact, the security information and event management system is an IT best practice for regulated industries. It's an audit compliance requirement that supports IT service reliability by maximizing event log value and is used to aggregate, decipher and normalize
02:08
nonstandard log formats. It can also
02:12
filter out your false positives as well.
02:15
So let's now turn our attention towards some concepts
02:20
that fall within the parameters of SIEMs.
02:22
We have a term called aggregation.
02:24
In this case, the SIEM system can move log files and data from multiple sources to a common repository.
02:31
Correlation
02:32
The SIEM system uses a correlation engine to correlate events from multiple systems.
02:38
Then we have automated alerting and triggering.
02:42
In this case, the SIEM system can install agents on several devices so that the SIEM system is alerted when several events occur.
02:52
Then we have time synchronization. The SIEM service relies on time synchronization from a stratum 0 or an atomic clock time source so that the time can be synchronized and events can be put into what we call chronological order.
03:09
Then we have some additional concepts you need to understand. This one in particular is called event deduplication.
03:16
That means it is used to merge identical alerts to reduce the amount of storage required to store log data.
03:23
Then we have logs and WORMs. In other words, in computer storage media, the WORM, or write once read many, is a data storage technology that allows information to be written to a disk a single time and prevents the drive from erasing that data.
03:39
This brings us now to a post-assessment quiz,
03:44
and the question is as follows. In fact, it's a multiple choice.
03:47
You are an auditor of a large multinational corporation, and the SIEM has been finding vulnerabilities on a server.
03:54
Manual inspection proved that it has been fully hardened and has no vulnerabilities. What are two main reasons why your SIEM is producing this output? A, there was a zero-day virus. B, false negatives. C, false positives. Or D, the wrong filter was used to audit.
04:17
If you selected C and D, you're absolutely correct.
04:20
If we're using a wrong configuration of the SIEM server, we would get poor monitoring, resulting in false positives.
04:29
So the correct answers should be C and D,
04:32
and the wrong answers would be A and B.
04:36
So let's take a look at key takeaways from this particular video.
04:41
We learned that a security information and event management solution is a centralized repository of your logs and activities.
04:46
We learned that a SIEM relies on time synchronization from a stratum 0 or atomic clock time source so that time can be synchronized and events can be put into chronological order.
04:58
We learned that event deduplication is used to merge identical alerts and to reduce the amount of storage required to store log data.
05:05
In our upcoming video, we continue our discussion with 2.2, which is titled: given a scenario, use appropriate software tools to assess the security posture of an organization.
05:16
I look forward to seeing you in the very next video.

Up Next

CompTIA Security+

Interested in the cybersecurity industry? The CompTIA Security+ is the gold standard for those looking to enter the cybersecurity industry. Join thousands of professionals who have gained this certification through this course and launched their careers in information security.

Instructed By

Jim Hollis
Independent Contractor
Instructor