1. Identify at least two types of security events and baseline anomalies that might indicate suspicious activity.

Think on the following lines to answer this assignment:

How do you obtain a baseline of system or network behavior?

What is an anomaly in relation to baseline behavior?

Why might certain anomalies be worth investigating?

How can traffic have patterns that signify known attacks?

What do log files help you learn that filtering systems overlook?

Why can legitimate traffic sometimes seem suspicious?

Given the following list of end-user policy violations and security breaches, select three and identify strategies to control and monitor each event to mitigate risk and minimize exposure.

Sensitive laptop data is unencrypted and susceptible to physical theft.

An invalid protocol header disrupts a critical network service.

A user made unauthorized use of network resources by attacking network entities.