Network monitoring allows Security Engineers to detect suspicious or abnormal activity on the network that may indicate a potential threat. SIEM tools collect, correlate, and analyze logs from multiple sources to identify threats in real time. Post-incident forensics occurs after an attack has taken place, and data backup is a recovery measure rather than a proactive identification method.
Vulnerability scanning involves identifying potential weaknesses in systems or networks by scanning for known vulnerabilities. Penetration testing (ethical hacking) is a proactive technique where simulated attacks are performed to discover vulnerabilities before malicious actors exploit them. Encryption and data compression are not directly related to threat identification; encryption is used to protect data, and data compression is used to reduce file size.
A threat model helps Security Engineers understand a system's potential vulnerabilities and how attackers might exploit them. This process is essential for identifying and mitigating threats. It focuses on the paths an attacker could take to compromise the system, rather than on asset prioritization alone or on geographic considerations.
A zero-day vulnerability is a software flaw that is discovered and exploited by attackers before the software developer can issue a fix or patch. It is termed "zero-day" because there are zero days between the discovery of the vulnerability and its exploitation, leaving the developer no time to prepare a fix. This makes it highly dangerous.
The first step in threat identification is knowing what you're protecting. By identifying and categorizing assets (e.g., sensitive data, critical systems), a Security Engineer can prioritize and focus on threats that could affect those assets. Blocking traffic or implementing patches are response actions that come after threats are identified. Assessing impact comes after assets and threats are recognized.