Question Bank

Assessment

Quiz

Computers

9th Grade

Hard

Created by

Esther Brown

268 questions

1.

MULTIPLE CHOICE QUESTION

30 sec • 4 pts

Which SIEM component is responsible for gathering all event logs from configured devices and securely sending them to the SIEM system?

Collectors

Handlers

Filters

SIEM alerts

Answer explanation

The Log Collector is the SIEM component responsible for gathering all event logs from configured devices and securely sending them to the SIEM system.

The Log Collector is responsible for collecting logs from various sources, such as network devices, servers, applications, and databases, and then forwarding them to the SIEM system for analysis.

The Log Collector can also be configured to filter out irrelevant logs and only forward the relevant ones to the SIEM system.

2.

DROPDOWN QUESTION

30 sec • 4 pts

Keeping a switch in a room that is locked by a keypad is the best way to prevent (a) to the device.

console access
remote access
malware infection
trojan horse access
bot access

Answer explanation

To control access to the switch console, you must keep it in a locked room. A console connection can only be established with a direct physical connection to the device. If the switch is in a locked room, only those with access will be able to make a console connection. In addition, even if you had set console passwords, users with physical access to the device could perform password recovery and gain access.

3.

DRAG AND DROP QUESTION

30 sec • 4 pts

A (a) will stop piggybacking from occurring at an entrance where employees swipe smart cards to gain entry.

mantrap
CCTV
security guard
facial recognition system

Answer explanation

Piggybacking is the activity where an authorized or unauthorized individual gains entry into a secured area by exploiting the credentials of a prior person. Often, the first person will authenticate, unlock the door, and then hold it open for the next person to enter without forcing them to authenticate separately.

You can stop piggybacking with a mantrap. A mantrap is a single-person room with two doors and often includes a scale to prevent piggybacking. It requires proper authentication before unlocking the inner door to allow authorized personnel into a secured area. Those who fail to properly authenticate are held captive until authorities respond.

4.

MULTIPLE CHOICE QUESTION

30 sec • 4 pts

Which of the following can be used with a mantrap to allow an easy exit but actively prevents re-entrance through the exit portal?

Turnstile

Locked door with a push bar.

Card reader

Facial recognition

Answer explanation

Turnstiles allow an easy exit from a secured environment but actively prevent re-entrance through the exit portal. Turnstiles are a common exit portal used with entrance portal mantraps. A turnstile can't be used to enter into a secured facility, as it only functions in one direction.

5.

MULTIPLE CHOICE QUESTION

30 sec • 4 pts

When a person presents themselves as a trustworthy person that plays on the victim's emotions to obtain information or access.

Masquerading

Malicious insiders

Social impersonation

Ghosting

Answer explanation

Masquerading is convincing personnel to grant access to sensitive information or protected systems by pretending to be someone who is authorized and/or requires that access.

6.

MATCH QUESTION

30 sec • 4 pts

Match the following

Tailgating

Tailgating with consent from the authorized employee

Whaling

An attacker entering a secure building by following an authorized employee through a secure door and not providing identification.

Piggybacking

The process of looking in the trash for sensitive information that has not been properly disposed of.

Phishing

A form of phishing that is targeted toward senior executives and high-profile victims

Dumpster diving

An email pretending to be from a trusted organization, asking the user to verify personal information or send money

Answer explanation

Dumpster Diving

Dumpster diving is the process of looking in the trash for sensitive information that has not been properly disposed of.

Tailgating and Piggybacking

Piggybacking and tailgating refer to an attacker entering a secure building by following an authorized employee through a secure door and not providing identification. Piggybacking usually implies consent from the authorized employee, whereas tailgating implies no consent from the authorized employee.

Phishing

A phishing scam is an email pretending to be from a trusted organization, asking the user to verify personal information or send money. In a phishing attack:

A fraudulent message that appears to be legitimate is sent to a target.

The message requests that the target visit a fraudulent website (which also appears to be legitimate). Graphics, links, and websites look almost identical to the legitimate websites they are trying to represent.

The fraudulent website requests that the victim provide sensitive information, such as an account number and password.

Below are descriptions of common phishing scams.

A rock phish kit is a fake website that imitates a real website (such as banks, PayPal, eBay, and Amazon). Phishing emails direct you to the fake website to enter account information. A single server can host multiple fake sites using multiple registered DNS names. These sites can be set up and taken down rapidly to avoid detection.

A Nigerian scam, also known as a 419 scam, involves emails that request a small amount of money to help transfer funds from a foreign country. For your assistance, you are to receive a reward for a much larger amount of money that will be sent to you at a later date.

In spear phishing, attackers gather information about the victim, such as which online banks they use. They then send phishing emails for the specific bank. Spear phishing's goal is to gain access to information that will allow the attacker to gain commercial advantage or commit fraud. Spear phishing frequently involves sending seemingly genuine emails to all employees or members of specific teams.

Whaling is another form of phishing that is targeted toward senior executives and high-profile victims.

Vishing is similar to phishing. But instead of an email, the attacker uses Voice over IP (VoIP) to gain sensitive information. The term is a combination of voice and phishing.

7.

MULTIPLE SELECT QUESTION

30 sec • 4 pts

Which of the following is a common social engineering attack? (Pick two)

Forging employee ID cards

Tailgating through a secure door

Fake phone calls pretending to be from a financial firm

Hoax virus information emails

Answer explanation

Social engineering relies on the trusting nature of individuals to incentivize them to take an action or allow an unauthorized action.
