Different behavior on the network, out of the norm
anomaly
A sequential segment of memory allocated to hold data such as a character string or an array of integers.
buffer
Machine data makes up for more than ___% of the data accumulated by organizations.
90
Pen testing is
a controlled attempt to exploit weaknesses.
List of known patterns of attack
signatures
An attack in which the extra data holds specific instructions placed in memory by a cyber-criminal or pen-tester to crack the system.
Buffer-overflow
How many actions can there be associated with one rule?
One
_________ define what users can do in Splunk.
ROLE
Who hacks into systems, with permission, to find vulnerabilities and help secure the system?
White hat hacker
Best for monitoring critical assets
HIDS
...a search box can take at most 200 words; you insert more and hit search, and the system crashes... because of a limited
buffer
What is referred to as type?
taxonomy
Search strings in SPLUNK are sent from the _________.
Search Head
Why complete a pen test?
To improve the security of the system.
What are the three modes of running Snort?
NIDS, sniffer, packet logger mode
How many types of buffer-overflow attack are there?
2
What does TD do?
Promotes events to alerts
Search requests in SPLUNK are processed by the ___________.
Indexers
Which pen testing tool do hackers like to use?
Passive tools
Placed inline on the network as a TAP
sensors
Buffer-overflow may remain as a bug in apps if __________ are not done fully.
boundary checks
Splunk uses ________ to categorize the type of data being indexed.
Source Type
Who does pen testing blind?
Malicious hacker