1) About SIEM tools (architecture, components)
2) Aggregation, correlation, alerting
3) IPS/IDS, proxy, antivirus, DLP, and how each fits into the architecture
4) How to create a rule and an alert
5) Port details (which services listen on which ports)
6) OSI layers, TCP and UDP in detail
7) Vulnerability assessment
8) OWASP Top 10 (especially blind SQL injection, XSS, CSRF and XML injection, in brief), brute-force attacks, SYN flood
9) SSL/TLS, web application firewall, encryption, SMB, false positives
10) Risk, threat and vulnerability (and how they differ)
11) CIA triad, authentication, authorization
12) Recent attacks such as WannaCry, Locky, Meltdown and Spectre
13) How to collect events from different log sources, Windows and Linux (WinCollect for Windows; syslog for Linux, and also usable for Windows)
14) What log records should cover:
   - Normal activities
   - Error conditions
   - Policy changes
   - Unauthorised use of resources
   - User behaviour patterns
   - Clearing of sensitive data

Use cases:
1) Authentication activities: off-hours authentication attempts, abnormal authentication attempts (for example many failures from one source in a short window)
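To make items 4, 13 and the authentication use case concrete, the following is an added example (not code from the original post, and not any SIEM vendor's rule syntax) of the two correlation rules a SIEM would run over syslog-collected Linux auth events: an off-hours successful login rule and a brute-force rule that counts failures per source IP in a sliding window. The log lines are constructed for the example; the business hours (08:00-17:59), the five-failures-in-five-minutes threshold and the assumed year 2024 (classic syslog timestamps carry no year) are all assumptions.

```python
"""Toy SIEM-style correlation over constructed Linux auth.log (syslog) lines.

Rules implemented:
  * off_hours_logins    - a successful sshd login outside business hours
  * brute_force_sources - N or more failed sshd logins from one source IP
                          within a sliding time window
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the classic rsyslog format (no year in the
# timestamp). Host, users and addresses are made up for this example.
SAMPLE_LOG = """\
Mar  3 09:14:02 web01 sshd[2231]: Accepted password for alice from 10.0.0.5 port 51234 ssh2
Mar  3 23:41:10 web01 sshd[2290]: Accepted password for bob from 203.0.113.7 port 44120 ssh2
Mar  3 23:42:01 web01 sshd[2301]: Failed password for invalid user admin from 198.51.100.9 port 40001 ssh2
Mar  3 23:42:03 web01 sshd[2302]: Failed password for invalid user admin from 198.51.100.9 port 40002 ssh2
Mar  3 23:42:05 web01 sshd[2303]: Failed password for root from 198.51.100.9 port 40003 ssh2
Mar  3 23:42:08 web01 sshd[2304]: Failed password for root from 198.51.100.9 port 40004 ssh2
Mar  3 23:42:11 web01 sshd[2305]: Failed password for root from 198.51.100.9 port 40005 ssh2
Mar  3 23:50:00 web01 sshd[2310]: Failed password for carol from 10.0.0.8 port 50100 ssh2
Mar  4 10:02:44 web01 sshd[2400]: Accepted publickey for alice from 10.0.0.5 port 51300 ssh2
"""

# Parses the standard OpenSSH "Accepted/Failed <method> for [invalid user] <user> from <ip> port <n>" line.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

BUSINESS_HOURS = range(8, 18)        # assumed office hours 08:00-17:59
BRUTE_THRESHOLD = 5                  # assumed: 5 failures ...
BRUTE_WINDOW = timedelta(minutes=5)  # ... within 5 minutes from one source
ASSUMED_YEAR = 2024                  # syslog timestamps carry no year


def parse_line(line):
    """Normalise one syslog line into an event dict, or None if it is not an sshd auth line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "result": m["result"],
            "method": m["method"], "user": m["user"], "src": m["src"]}


def parse_events(log_text):
    return [ev for ev in (parse_line(l) for l in log_text.splitlines()) if ev]


def off_hours_logins(events):
    """Rule 1: successful authentications whose hour is outside BUSINESS_HOURS."""
    return [e for e in events
            if e["result"] == "Accepted" and e["ts"].hour not in BUSINESS_HOURS]


def brute_force_sources(events, threshold=BRUTE_THRESHOLD, window=BRUTE_WINDOW):
    """Rule 2: sliding window per source IP; alert once `threshold` failures fall within `window`."""
    recent = defaultdict(list)   # src -> timestamps of failures still inside the window
    alerts = {}
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["result"] != "Failed":
            continue
        q = recent[e["src"]]
        q.append(e["ts"])
        while e["ts"] - q[0] > window:   # expire failures older than the window
            q.pop(0)
        if len(q) >= threshold and e["src"] not in alerts:
            alerts[e["src"]] = {"count": len(q), "first": q[0], "last": e["ts"]}
    return alerts


def run(log_text=SAMPLE_LOG):
    """Apply both rules and return the alerts a SIEM would raise for this log."""
    events = parse_events(log_text)
    return {
        "off_hours": [(e["user"], e["src"], e["ts"].strftime("%H:%M")) for e in off_hours_logins(events)],
        "brute_force": brute_force_sources(events),
    }


if __name__ == "__main__":
    for rule, hits in run().items():
        print(rule, hits)
```

On the sample log the off-hours rule fires only for bob's 23:41 login (alice's logins fall inside business hours), and the brute-force rule fires once for 198.51.100.9 after its fifth failure, while carol's single failure from 10.0.0.8 stays below threshold. Tuning the window and threshold against real traffic is what keeps item 9's "false positive" count down.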