AWS GuardDuty is a threat detection service that continuously monitors AWS accounts and workloads for malicious activity or unauthorized behavior. As a cloud-native security service, it helps secure cloud infrastructure. Wireshark is for network traffic analysis, Metasploit for penetration testing, and Burp Suite for web application testing.
Please select 2 correct answers
Metasploit is an open-source framework widely used for penetration testing and exploiting known vulnerabilities in systems. Burp Suite is commonly used for testing web application security by identifying vulnerabilities such as SQL injection and cross-site scripting (XSS). SolarWinds is used for network management and monitoring, and the ELK Stack (Elasticsearch, Logstash, Kibana) is used for log management and data analysis.
Snort is an open-source intrusion detection system (IDS) that monitors network traffic for suspicious activity and sends alerts when potential malicious behavior is detected. It can also function as an Intrusion Prevention System (IPS) to block such traffic. It’s not used for vulnerability scanning, password cracking, or web application scanning.
Nmap (Network Mapper) is a powerful tool for network discovery and security auditing, commonly used to scan networks to discover open ports, services running on those ports, and other characteristics like OS detection. Nikto is a web vulnerability scanner, Tripwire is used for file integrity monitoring, and Wireshark is used for network traffic analysis.
Splunk is a widely used SIEM tool that collects and correlates security events from various sources, allowing security teams to monitor and analyze logs in real time to detect threats. OpenVAS is a vulnerability scanner, Nmap is a network scanning tool, and Snort is an intrusion detection and prevention system (IDS/IPS).