9.2.11 Practice Questions Flashcards
Question 1.
Which of the following components are the SIEM’s way of letting the IT team know that a pre-established parameter is not within the acceptable range?
Trends
Sensors
Dashboard
Alerts
Correct Answer:
Alerts
Question 2.
As a cybersecurity analyst, you are tasked with identifying a critical component of a Security Information and Event Management (SIEM) system that can analyze and compare known malicious behavior against aggregated data from log files, system applications, and network appliances.
Which component of the SIEM system would be MOST effective for this task?
Alerts
SIEM Dashboards
Correlation
Trends
Correct Answer:
Correlation
Question 3.
As a cybersecurity analyst, you are tasked with implementing a Security Information and Event Management (SIEM) system that allows the IT security team to effectively monitor and respond to events on the network in real-time.
Which component of the SIEM system would be MOST critical for this task?
Vulnerability scan output
Sensors
SIEM dashboards
Trends
Correct Answer:
SIEM dashboards
Question 4.
As a cybersecurity analyst, you are tasked with improving the security posture of your organization. You are considering the implementation of a Security Information and Event Management (SIEM) system.
Which component of the SIEM system would be MOST critical for monitoring and securing network endpoints, services, and other vulnerable locations?
Sensors
Vulnerability scan output
Trends
SIEM
Correct Answer:
Sensors
Question 5.
Which tool or concept used in cybersecurity monitoring gives a condensed overview of information from various data sources for daily incident response tasks?
Security Information and Event Management (SIEM) tools
Host-based intrusion detection systems
Network-based vulnerability scanners
Log files generated by applications on hosts
Correct Answer:
Security Information and Event Management (SIEM) tools
Question 6.
Which of the following BEST describes the role of event metadata in network security?
It provides the specific notification or alert the process raises.
It is the data that is generated by processes running on network appliances and general computing hosts.
It is the source and time of the event, which can include a host or network address, a process name, and categorization/priority fields.
It is used to synchronize each host to the same date, time value, and format.
Correct Answer:
It is the source and time of the event, which can include a host or network address, a process name, and categorization/priority fields.
Question 7.
What kind of metadata is usually linked with files and includes information like creation date, access history, and security permissions?
File metadata
Social media metadata
Email header metadata
Web metadata
Correct Answer:
File metadata
Question 8.
You are a cybersecurity analyst tasked with investigating a security incident.
You need to analyze network traffic data that would normally go to Syslog or SNMP, and you also need a tool that addresses the need for a standardized protocol for exporting Internet Protocol (IP) flow information. Additionally, you need to collect data from routers, servers, and other network appliances.
Which tool would be BEST for you to use?
Web metadata
NetFlow
IPFIX
sFlow
Correct Answer:
IPFIX
Question 9.
In the context of a syslog message, which of the following components is calculated from the facility and severity level?
Message
PRI code
Header
Timestamp
Correct Answer:
PRI code
Question 10.
You are a cybersecurity analyst investigating a potential data breach in your organization. You have identified a suspicious user who appears to have accessed sensitive information.
Which type of metadata would be MOST useful for determining the user’s activities on your organization’s internal web applications?
File metadata
Email metadata
Web metadata
Mobile metadata
Correct Answer:
Web metadata