Module 4 - 01-1

Question 1

Define Log

Answer 1

A record of events that occur within an organization’s systems.

Logs help security professionals identify vulnerabilities and potential security breaches.

Question 2

What does SIEM stand for?

Answer 2

Security Information and Event Management (SIEM)

(pronounced as ‘sim’ or ‘seem’)

Question 3

Define SIEM tool

Answer 3

An application that collects and analyzes log data to monitor critical activities in an organization.

Question 4

How does a SIEM tool work?

Answer 4

• It collects real-time information, and allow security analysts to identify potential breaches as they happen.
• It reduces the amount of data an analyst must review by providing alerts for specific types of risks, threats, and vulnerabilities.
• It provides a series of dashboards that visually organize data into categories, allowing users to select the data they wish to analyze.

Question 5

Define Dashboard

Answer 5

A tool used to visually communicate information or data

Question 6

How would a security analyst use a SIEM tool?

Answer 6

• Analyze filtered events and patterns
• Perform incident analysis
• Proactively search for threats

Question 7

What are two examples of SIEM tools?

Answer 7

1) Splunk
2) Chronicle (Google)

Question 8

What is Splunk?

Answer 8

A data analysis platform

Question 9

What is Splunk Enterprise and what do they provide?

Answer 9

A self-hosted tool used to retain, analyze, and search an organization’s log data.
It provides SIEM solutions.

Question 10

What is Chronicle?

Answer 10

A cloud-native SIEM tool that stores security data for search and analysis

Question 11

Define Playbook

Answer 11

A manual that provides details about any operational action, such as how to respond to an incident.

The purpose is to guide analysts through a series of steps to complete specific security-related tasks.

Question 12

What is another name for a Network Protocol Analyzer?

Answer 12

Packet Sniffer

Question 13

Define Network Protocol Analyzer (Packet Sniffer)

Answer 13

A tool designed to capture and analyze data traffic within a network.
The tool keeps a record of all the data that a computer within an organization’s network encounters.

Question 14

What are two common network protocol analyzers?

Answer 14

1) tcpdump
2) Wireshark

Question 15

What are two important playbooks that occur at the beginning of a forensic investigation?

Answer 15

1) Chain of Custody Playbook
2) Protecting and Preserving Evidence Playbook

Question 16

Define Chain of Custody

Answer 16

The process of documenting evidence possession and control during an incident lifecycle

Question 17

Briefly explain the Chain of Custody process

Answer 17

As a security analyst involved in a forensic analysis, you will work with the computer data that was breached. You and the forensic team will also need to document who, what, where, and why you have the collected evidence. The evidence is your responsibility while it is in your possession. Evidence must be kept safe and tracked. Every time evidence is moved, it should be reported. This allows all parties involved to know exactly where the evidence is at all times.

Question 18

Define Protecting and Preserving Evidence

Answer 18

The process of properly working with fragile and volatile digital evidence

Question 19

Define Order of Volatility

Answer 19

A sequence outlining the order of data that must be preserved from first to last

It prioritizes volatile data, which is data that may be lost if the device in question powers off, regardless of the reason.

Question 20

What tool is designed to capture and analyze data traffic within a network?

• network protocol analyzer (packet sniffer)
• playbook
• security information and event management (SIEM)
• Structured Query Language (SQL)

Answer 20

network protocol analyzer (packet sniffer)

A packet sniffer, also known as a network protocol analyzer, is a tool designed to capture and analyze data traffic within a network.

Question 21

What type of tool uses dashboards to organize data into categories and allows analysts to identify potential security incidents as they happen?

• Linux
• SIEM
• network protocol analyzers (packet sniffers)
• Python

Answer 21

SIEM

SIEM tools use dashboards to organize data into categories and allow analysts to identify potential security incidents, such breaches, as they happen.

Question 22

What can cybersecurity professionals use logs for?

• To identify vulnerabilities and potential security breaches
• To research and optimize processing capabilities within a network
• To analyze data traffic within a network
• To select which security team members will respond to an incident

Answer 22

To identify vulnerabilities and potential security breaches

Cybersecurity professionals can use logs to identify vulnerabilities and potential security breaches, as well as other potential security incidents.

Question 23

A _____ is a manual that provides details about operational actions.

• playbook
• case history
• checklist
• directory

Answer 23

playbook

A playbook is a manual that provides details about operational actions. Playbooks provide guidance when handling a security incident before, during, and after it has occurred.