Unit 2 - Module 3 Flashcards

1
Q

What are 3 Common Log Sources?

A

1) Firewall Logs
2) Network Logs
3) Server Logs

2
Q

A Firewall Log records what kind of traffic and what requests from the internet?

A

Incoming Traffic and Outbound requests.

3
Q

A network log records what 2 connections?

A

1) Records all computers and devices connected to the network.
2) Records connections between devices and services.

4
Q

Server Log records what? It also includes what actions?

A

1) Records websites, emails, or file shares.
2) Records actions such as login, password, and username requests.

5
Q

What does SIEM tool stand for?

A

Security Information and Event Management

6
Q

What does a SIEM tool do?

A

Collects and analyzes log data to monitor critical activities.

7
Q

Define SIEM Metrics

A

Response time, availability, and failure rate, which are used to assess the performance of a software application.

8
Q

What does SOAR stand for?

A

Security orchestration, automation, and response.

9
Q

What is SOAR made up of and what does it do?

A

1) Collection of applications, tools, and workflows.
2) Uses automation to respond to security incidents.

10
Q

What are 3 types of SIEM tools?

A

Self-Hosted
Cloud-hosted
Hybrid

11
Q

1) What is Splunk Enterprise? 2) How is it hosted? 3) What does it do?

A

1) A SIEM tool
2) Self-hosted
3) Retains, analyzes, and searches companies' log data

12
Q

1) What is Splunk Cloud? 2) How is it hosted? 3) What does it do?

A

1) A SIEM tool
2) Cloud-hosted
3) Retains, analyzes, and searches companies' log data

13
Q

1) What is Chronicle? 2) How is it hosted? 3) What does it do?

A

1) A SIEM tool
2) Cloud-native
3) Retains, analyzes, and searches companies' log data

14
Q

What is the Security posture dashboard?

A

Monitors and investigates potential threats in real time.

(Displays the last 24 hours)

15
Q

What is the Executive summary dashboard?

A

This dashboard analyzes and monitors the overall health of the organization over time.

16
Q

1) What is the Incident review dashboard? 2) How can it be helpful after an incident?

A

1) This dashboard allows analysts to identify suspicious patterns that can occur in the event of an incident.
2) This dashboard can be very helpful because it provides a visual timeline of the events leading up to an incident.

17
Q

What does the Risk Analysis Dashboard help with?

A

The risk analysis dashboard helps analysts identify risk for each risk object (e.g., a specific user, a computer, or an IP address).

18
Q

What is Enterprise insights dashboard?

A

This dashboard highlights recent alerts, identifying suspicious domain names in logs, known as indicators of compromise (IOCs).

19
Q

What is Data ingestion and health dashboard?

A

The data ingestion and health dashboard shows the number of event logs, log sources, and success rates of data being processed into Chronicle.

20
Q

What is IOC matches dashboard?

A

The IOC matches dashboard indicates the top threats, risks, and vulnerabilities to the organization.

21
Q

What is the Main dashboard?

A

The main dashboard displays a high-level summary of information related to the organization’s data ingestion, alerting, and event activity over time.

22
Q

What is the Rule detections dashboard?

A

The rule detections dashboard provides statistics related to incidents with the highest occurrences, severities, and detections over time.