Alerting and Monitoring
Unlock the complete study guide + 1,040 practice questions across 16 full exams.
Bundled into the existing CompTIA Security+ premium course — no separate purchase.
Included in this chapter:
- Monitoring resources and the activity pipeline
- SIEM: aggregation, correlation, and alerting
- Sensors and standards: AV, DLP, scanners, SCAP, SNMP, NetFlow
- Exam-pattern recognition for alerting and monitoring
Monitoring tools: what each one watches and what it emits
| Tool | What it monitors | Output / signal | Exam tell |
|---|---|---|---|
| SIEM | Aggregated logs from all sources | Correlated alerts across systems | Connect events across many sources → SIEM |
| Antivirus / EDR agent | Endpoint files and processes | Malware detection / quarantine | Known/behavioral malware on a host |
| DLP | Data in use, in motion, at rest | Block or alert on data exfiltration | Sensitive data leaving the org |
| Vulnerability scanner (SCAP) | Host config and software flaws | Findings vs. benchmark baseline | Standardized, automatable config/flaw checks |
| SNMP (traps) | Device health and status | Push notification of notable events | Up/down and performance health of gear |
| NetFlow | Traffic flow metadata | Who-talked-to-whom and volume | Conversation/volume analysis, not payload |
Decision tree
Cheat sheet
Unlock with Premium — includes all practice exams and the complete study guide.
Also tested in
References
- CompTIA Security+ (SY0-701) certification
- NIST SP 800-92, Guide to Computer Security Log Management Whitepaper
- Information security continuous monitoring (CSRC glossary)
- Security information and event management (CSRC glossary)
- Data loss prevention (CSRC glossary)
- Security content automation protocol (CSRC glossary)