Manage Security Risks Flashcards
module three
What is Chronicle in the context of cybersecurity?
A cloud-native tool designed to retain, analyze, and search data.
What is incident response?
An organization’s quick attempt to identify an attack, contain the damage, and correct the effects of a security breach.
What is a log in cybersecurity?
A record of events that occur within an organization’s systems.
What are metrics in the context of software applications?
Key technical attributes such as response time, availability, and failure rate, which are used to assess the performance of a software application.
What is an operating system (OS)?
The interface between computer hardware and the user.
What is a playbook in cybersecurity?
A manual that provides details about any operational action.
What is security information and event management (SIEM)?
An application that collects and analyzes log data to monitor critical activities in an organization.
What is security orchestration, automation, and response (SOAR)?
A collection of applications, tools, and workflows that use automation to respond to security events.
What are SIEM tools?
Software platforms that collect, analyze, and correlate security data from various sources across your IT infrastructure to help identify and respond to security threats in real-time, investigate security incidents, and comply with security regulations.
What is Splunk Cloud?
A cloud-hosted tool used to collect, search, and monitor log data.
What is Splunk Enterprise?
A self-hosted tool used to retain, analyze, and search an organization’s log data to provide security information and alerts in real-time.
What type of SIEM tool is designed to take full advantage of cloud computing capabilities?
Cloud-native.
Which log source records events related to websites, emails, file shares, and password and username requests?
Server
What are the different types of SIEM tools? Select three answers.
Self-hosted, Cloud-hosted, Hybrid
What does the term “metrics” refer to in software applications?
Technical attributes such as response time, availability, and failure rate.
What type of SIEM tool allows for a combination of on-site infrastructure and internet-based solutions?
Hybrid
Fill in the blank: SIEM tools must be configured and _____ to meet each organization’s unique security needs.
customized
What is the role of the security posture dashboard in Splunk?
It displays the last 24 hours of notable security-related events and trends to help security professionals monitor and investigate potential threats in real time.
What is the purpose of the executive summary dashboard in Splunk?
It analyzes and monitors the overall health of the organization over time, providing high-level insights to stakeholders.
What does the incident review dashboard in Splunk help analysts do?
Identify suspicious patterns and highlight higher risk items that need immediate review.
What is the risk analysis dashboard used for in Splunk?
It helps analysts identify risk for each risk object and prioritize their risk mitigation efforts.
What is the enterprise insights dashboard in Chronicle used for?
It highlights recent alerts, identifies suspicious domain names in logs, and provides a severity level for each threat.
What does the data ingestion and health dashboard in Chronicle show?
The number of event logs, log sources, and success rates of data being processed.
What does the IOC matches dashboard in Chronicle indicate?
The top threats, risks, and vulnerabilities to the organization
What is the main dashboard in Chronicle used for?
It provides a high-level summary of information related to data ingestion, alerting, and event activity over time.
