Cyber Threat Intelligence All Quiz Answers | SIEM Platforms Graded Assessment | Week 4

SIEM Concepts Knowledge Check ( Practice Quiz )


Q1) Which three (3) of the following are core functions of a SIEM? (Select 3)

  • Manages network security by monitoring flows and events
  • Consolidates log events and network flow data from thousands of devices, endpoints and applications distributed throughout a network
  • Collects logs and other security documentation for analysis


Q2) True or False. SIEMs capture network flow data in near real time and apply advanced analytics to reveal security offenses.

  • True


Q3) Which of these describes the process of data normalization in a SIEM?

  • Turns raw data into a format that has fields that SIEM can use


Q4) True or False. A SIEM considers any event that is anomalous, or outside the norm, to be an offense.

  • True


Q5) True or False. A large company might have QRadar event collectors in each of their data centers that are configured to forward all collected events to a central event processor for analysis.

  • True


Q6) The triad of a security operations center (SOC) is people, process and technology. To which part of the triad would vendor-specific training belong?

  • People


Artificial Intelligence in SIEMs Knowledge Check ( Practice Quiz )


Q1) True or False. Information is often overlooked simply because the security analysts do not know how it is connected.

  • True


Q2) The partnership between security analysts and technology can be said to be grouped into 3 domains: human expertise, security analytics and artificial intelligence. The human expertise domain would contain which three (3) of these topics?

  • Morals
  • Generalization
  • Common sense


Q3) A robust cybersecurity defense includes contributions from 3 areas: human expertise, security analytics and artificial intelligence. Which of these areas would contain the ability for abstraction?

  • Human expertise


SIEM Platforms Graded Assessment ( Main Quiz )

Q1) True or False. SIEMs can be available on premises and in a cloud environment.

  • True


Q2) In a SIEM, what are logs of specific actions, such as user logins, referred to as?

  • Events


Q3) Which of these describes the process of data normalization in a SIEM?

  • Indexes data records for fast searching and sorting


Q4) When a data stream entering a SIEM exceeds the volume it is licensed to handle, what are three (3) ways the excess data is commonly handled, depending upon the terms of the license agreement? (Select 3)

  • The excess data is stored in a queue until it can be processed
  • The excess data is dropped
  • The data stream is throttled to accept only the amount allowed by the license


Q5) Which five (5) event properties must match before an event will be coalesced with other events? (Select 5)

  • Username
  • QID
  • Source IP
  • Destination Port
  • Destination IP


Q6) What is the goal of SIEM tuning?

  • To get the SIEM to sort out all false-positive offenses so only those that need to be investigated are presented to the investigators


Q7) True or False. QRadar event collectors send all raw event data to the central event processor for all data handling such as data normalization and event coalescence.

  • False


Q8) The triad of a security operations center (SOC) is people, process and technology. To which part of the triad would containment belong?

  • Process


Q9) True or False. There is a natural tendency for security analysts to choose to work on cases that they are familiar with and to ignore those that may be important but for which they have no experience.

  • True


Q10) The partnership between security analysts and technology can be said to be grouped into 3 domains: human expertise, security analytics and artificial intelligence. The security analytics domain contains which three (3) of these topics?

  • Anomaly detection
  • Pattern identification
  • Data correlation


Q11) A robust cybersecurity defense includes contributions from 3 areas: human expertise, security analytics and artificial intelligence. Which of these areas would contain the ability for data visualization?

  • Security analytics

