Module 3

Question 1

Log

Answer 1

A record of events that occur within an organization’s systems and networks

Question 2

Common Log Sources

Answer 2

Firewall logs

Network logs

Server logs

Question 3

Firewall Log

Answer 3

A record of attempted or established connections for incoming traffic from the Internet. Also includes outbound requests to the Internet from within the network.

Question 4

Network Log

Answer 4

A record of all computers and devices that enter and leave the network. It also records connections between devices and services on the network.

Question 5

Server Log

Answer 5

A record of events related to services, such as websites, emails, or file shares. It includes action, such as login, password, and username request.

Question 6

Security Information and Event Management (SIEM)

Answer 6

An application that collects an analyzes log data to monitor critical activities in an organization

Question 7

Metrics

Answer 7

Key technical attributes, such as response time, availability, and failure rate, which are used to assess the performance of a software application

Question 8

Different Types of SIEM Tools

Answer 8

Self-hosted

Cloud-hosted

Hybrid

Question 9

Splunk Enterprise

Answer 9

A self-hosted tool used to retain, analyze, and search an organizations log data to provide security information and alerts in real-time

Question 10

Splunk Cloud

Answer 10

A cloud-hosted tool used to collect, search, and monitor log data

Question 11

Chronicle

Answer 11

A cloud-native tool designed to retain, analyze, and search data