Module 3 - 02-1

Question 1

Define Log

Answer 1

A record of events that occur within an organization’s systems and networks

Question 2

What are three common log sources?

Answer 2

• Firewall logs
• Network logs
• Server logs

Question 3

Define Firewall logs

Answer 3

A record of attempted or established connections for incoming traffic from the internet. It also includes outbound requests to the internet from within the network

Question 4

Define Network logs

Answer 4

A record of all computers and devices that enter and leave the network. It also records connections between devices and services on the network

Question 5

Define Server logs

Answer 5

A record of events related to services such as websites, emails, or file shares. It includes actions such as login, password, and username requests

Question 6

What can security teams identify from monitoring logs (2)?

Answer 6

• Vulnerabilities
• Potential data breaches

Question 7

What do SIEM tools rely on to monitor systems and detect security threats?

Answer 7

Logs

Question 8

What does SIEM stand for?

Answer 8

Security Information and Event Management (SIEM)

Question 9

Define Security Information and Event Management (SIEM)

Answer 9

An application that collects and analyzes log data to monitor critical activities in an organization

Question 10

How do SIEM tools increase efficiency and save time?

Answer 10

SIEM tools index and minimize the number of logs a security professional must manually review and analyze

Question 11

SIEM tools can also be used to create _____.

Answer 11

dashboards

Question 12

How do SIEM dashboards help security analysts?

Answer 12

SIEM dashboards help security analysts quickly and easily access their organization’s security information as charts, graphs, or tables.

Question 13

Define Metrics

Answer 13

Key technical attributes such as response time, availability, and failure rate, which are used to assess the performance of a software application

Question 14

How can SIEM dashboards be customized?

Answer 14

SIEM dashboards can be customized to display specific metrics or other data that are relevant to different members in an organization.

Question 15

What does IoT stand for?

Answer 15

Internet of Things (IoT)

Question 16

What is “interconnected devices with access to the internet” known as?

Answer 16

Internet of Things (IoT)

Question 17

What does AI stand for?

Answer 17

Artificial Intelligence (AI)

Question 18

What does ML stand for?

Answer 18

Machine Learning (ML)

Question 19

What does SOAR stand for?

Answer 19

Security Orchestration, Automation, and Response

Question 20

Define Security Orchestration, Automation, and Response (SOAR)

Answer 20

A collection of applications, tools, and workflows that uses automation to respond to security events

Essentially, this means that handling common security-related incidents with the use of SIEM tools is expected to become a more streamlined process requiring less manual intervention.

Question 21

Which log source records events related to websites, emails, and file shares, as well as password and username requests?

• Firewall
• Server
• Receiving
• Network

Answer 21

Server

Server logs record events related to websites, emails, and file shares. They include actions such as login requests, password and username requests, as well as the ongoing use of these services.

Question 22

A security information and _____ management (SIEM) tool is an application that collects and analyzes log data to monitor critical activities in an organization.

• efficiency
• event
• employee
• emergency

Answer 22

event

Question 23

A security professional evaluates a software application by reviewing key technical attributes including response time, availability, and failure rate. What are they using to assess performance?

• Models
• Index standards
• Metrics
• Cloud tools

Answer 23

Metrics

They are using metrics. Metrics are key technical attributes including response time, availability, and failure rate, which are used to assess the performance of a software application. SIEM dashboards can be customized to display relevant metrics.

Question 24

SIEM tools must be configured and _____ to meet each organization’s unique security needs.

• customized
• centralized
• reviewed
• indexed

Answer 24

customized