Manage Security Risks Flashcards

Module three

1
Q

What is Chronicle in the context of cybersecurity?

A

A cloud-native tool designed to retain, analyze, and search data.

2
Q

What is incident response?

A

An organization’s quick attempt to identify an attack, contain the damage, and correct the effects of a security breach.

3
Q

What is a log in cybersecurity?

A

A record of events that occur within an organization’s systems.

4
Q

What are metrics in the context of software applications?

A

Key technical attributes such as response time, availability, and failure rate, which are used to assess the performance of a software application.

5
Q

What is an operating system (OS)?

A

The interface between computer hardware and the user.

6
Q

What is a playbook in cybersecurity?

A

A manual that provides details about any operational action.

7
Q

What is security information and event management (SIEM)?

A

An application that collects and analyzes log data to monitor critical activities in an organization.

8
Q

What is security orchestration, automation, and response (SOAR)?

A

A collection of applications, tools, and workflows that use automation to respond to security events.

9
Q

What are SIEM tools?

A

Software platforms that collect, analyze, and correlate security data from various sources across your IT infrastructure to help identify and respond to security threats in real time, investigate security incidents, and comply with security regulations.

10
Q

What is Splunk Cloud?

A

A cloud-hosted tool used to collect, search, and monitor log data.

11
Q

What is Splunk Enterprise?

A

A self-hosted tool used to retain, analyze, and search an organization’s log data to provide security information and alerts in real time.

12
Q

What type of SIEM tool is designed to take full advantage of cloud computing capabilities?

A

Cloud-native.

13
Q

Which log source records events related to websites, emails, file shares, and password and username requests?

A

Server

14
Q

What are the different types of SIEM tools? Select three answers.

A

Self-hosted, Cloud-hosted, Hybrid

15
Q

What does the term “metrics” refer to in software applications?

A

Technical attributes such as response time, availability, and failure rate.

16
Q

What type of SIEM tool allows for a combination of on-site infrastructure and internet-based solutions?

A

Hybrid

17
Q

Fill in the blank: SIEM tools must be configured and _____ to meet each organization’s unique security needs.

A

customized

18
Q

What is the role of the security posture dashboard in Splunk?

A

It displays the last 24 hours of notable security-related events and trends to help security professionals monitor and investigate potential threats in real time.

19
Q

What is the purpose of the executive summary dashboard in Splunk?

A

It analyzes and monitors the overall health of the organization over time, providing high-level insights to stakeholders.

20
Q

What does the incident review dashboard in Splunk help analysts do?

A

Identify suspicious patterns and highlight higher-risk items that need immediate review.

21
Q

What is the risk analysis dashboard used for in Splunk?

A

It helps analysts identify risk for each risk object and prioritize their risk mitigation efforts.

22
Q

What is the enterprise insights dashboard in Chronicle used for?

A

It highlights recent alerts, identifies suspicious domain names in logs, and provides a severity level for each threat.

23
Q

What does the data ingestion and health dashboard in Chronicle show?

A

The number of event logs, log sources, and success rates of data being processed.

24
Q

What does the IOC matches dashboard in Chronicle indicate?

A

The top threats, risks, and vulnerabilities to the organization.

25
Q

What is the main dashboard in Chronicle used for?

A

It provides a high-level summary of information related to data ingestion, alerting, and event activity over time.