Module 3-02 Challenge Flashcards

1
Q

Which of the following statements correctly describe logs? Select all that apply.

  • Actions such as using a username or password are recorded in a firewall log.
  • A network log is a record of all computers and devices that enter and leave a network.
  • Events related to websites, emails, or file shares are recorded in a server log.
  • A log is a record of events that occur within an organization’s systems and networks.
  • Security teams monitor logs to identify vulnerabilities and potential data breaches.
  • Connections between devices and services on a network are recorded in a firewall log.
  • Outbound requests to the internet from within a network are recorded in a firewall log.
  • Actions such as login requests are recorded in a server log.
A
  • A network log is a record of all computers and devices that enter and leave a network.
  • Events related to websites, emails, or file shares are recorded in a server log.
  • A log is a record of events that occur within an organization’s systems and networks.
  • Security teams monitor logs to identify vulnerabilities and potential data breaches.
  • Outbound requests to the internet from within a network are recorded in a firewall log.
  • Actions such as login requests are recorded in a server log.
2
Q

What are some of the key benefits of SIEM tools? Select all that apply.

  • Store all log data in a centralized location
  • Automatic updates customized to new threats and vulnerabilities
  • Provide visibility
  • Monitor critical activities in an organization
  • Increase efficiency
  • Automatic customization to changing security needs
  • Deliver automated alerts
  • Minimize the number of logs to be manually reviewed
A
  • Store all log data in a centralized location
  • Provide visibility
  • Monitor critical activities in an organization
  • Increase efficiency
  • Automatic customization to changing security needs
  • Minimize the number of logs to be manually reviewed
3
Q

To assess the performance of a software application, security professionals use _____, including response time, availability, and failure rate.

  • logs
  • SIEM tools
  • metrics
  • dashboards
A

metrics

4
Q

A security team chooses to implement a SIEM tool that will be managed and maintained by the organization’s IT department, rather than a third-party vendor. What type of tool are they using?

  • Department-hosted
  • Cloud-hosted
  • Self-hosted
  • Hybrid
A

Self-hosted

5
Q

You are a security professional, and you want a SIEM tool that will require both on-site infrastructure and internet-based solutions. What type of tool do you choose?

  • Hybrid
  • Cloud-hosted
  • Component-hosted
  • Self-hosted
A

Hybrid

6
Q

Fill in the blank: _____ are used to retain, analyze, and search an organization’s log data to provide security information and alerts in real time.

  • network protocol analyzers (packet sniffers)
  • SIEM tools
  • Playbooks
  • Operating systems
A

SIEM tools

7
Q

After receiving an alert about a suspicious login attempt, a security analyst can access their _____ to gather information about the alert.

  • internal infrastructure
  • SIEM tool dashboard
  • network protocol analyzer (packet sniffer)
  • playbook
A

SIEM tool dashboard

8
Q

_____ tools are often free to use.

  • Command-line
  • Open-source
  • Cloud-hosted
  • Proprietary
A

Open-source

9
Q

SIEM tools retain, analyze, and search an organization’s _____ to provide security information and alerts.

  • cloud applications
  • log data
  • hardware
  • database
A

log data

10
Q

A security analyst receives an alert about hundreds of login attempts from unusual geographic locations within the last few minutes. What can the analyst use to review a timeline of the login attempts, locations, and time of activity?

  • A SIEM tool dashboard
  • An operating system
  • A playbook
  • A network protocol analyzer (packet sniffer)
A

A SIEM tool dashboard

11
Q

Which type of tool typically requires users to pay for usage?

  • Cloud native
  • Self-hosted
  • Proprietary
  • Open-source
A

Proprietary

12
Q

Software application _____ are technical attributes, such as response time, availability, and failure rate.

  • dashboards
  • logs
  • metrics
  • SIEM tools
A

metrics

13
Q

A security team chooses to implement a SIEM tool that they will install, operate, and maintain using their own physical infrastructure. What type of tool are they using?

  • Log-hosted
  • Self-hosted
  • Hybrid
  • Cloud-hosted
A

Self-hosted

14
Q

You are a security analyst, and you want a security solution that will be fully maintained and managed by your SIEM tool provider. What type of tool do you choose?

  • Self-hosted
  • Hybrid
  • Solution-hosted
  • Cloud-hosted
A

Cloud-hosted

15
Q

SIEM tools are used to search, analyze, and _____ an organization’s log data to provide security information and alerts in real time.

  • release
  • retain
  • separate
  • modify
A

retain
