Formative 11 Flashcards

1
Q

What is the host-based intrusion detection tool that is integrated into Security Onion?

Sguil

Wireshark

Snort

OSSEC

A

OSSEC

2
Q

Which tool is included with Security Onion that is used by Snort to automatically download new rules?

ELK

Sguil

Wireshark

PulledPork

A

PulledPork

3
Q

Which tool included in Security Onion is an interactive dashboard interface to Elasticsearch data?

Zeek

Kibana

Sguil

Wireshark

A

Kibana

4
Q

Which NIDS tool uses a signature-based approach and native multithreading for alert detection?

Bro

Suricata

Zeek

Snort

A

Suricata

5
Q

Which tool is a Security Onion integrated host-based intrusion detection system?

Wazuh

Zeek

Snort

Suricata

A

Wazuh

6
Q

What are three analysis tools that are integrated into Security Onion? (Choose three.)

Kibana

Sguil

Wireshark

Snort

OSSEC

Suricata

A

Kibana

Sguil

Wireshark

7
Q

What function is provided by Snort as part of Security Onion?

to normalize logs from various NSM data logs so they can be represented, stored, and accessed through a common schema

to generate network intrusion alerts by the use of rules and signatures

to view pcap transcripts generated by intrusion detection tools

to display full-packet captures for analysis

A

to generate network intrusion alerts by the use of rules and signatures

8
Q

What classification is used for an alert that correctly identifies that an exploit has occurred?

false negative

true positive

false positive

true negative

A

true positive

9
Q

Which type of analysis relies on predefined conditions and can analyze applications that only use well-known fixed ports?

deterministic

log

statistical

probabilistic

A

deterministic

10
Q

Which type of analysis relies on different methods to establish the likelihood that a security event has happened or will happen?

log

deterministic

statistical

probabilistic

A

probabilistic

11
Q

Which alert classification indicates that exploits are not being detected by installed security systems?

false negative

false positive

true negative

true positive

A

false negative

12
Q

Which tool would an analyst use to start a workflow investigation?

Snort

ELK

Sguil

Zeek

A

Sguil
