SIEM Concepts Knowledge Check (Practice Quiz)
Q1) Which three (3) of the following are core functions of a SIEM? (Select 3)
- Manages network security by monitoring flows and events
- Consolidates log events and network flow data from thousands of devices, endpoints and applications distributed throughout a network
- Collects logs and other security documentation for analysis
Q2) True or False. SIEMs capture network flow data in near real time and apply advanced analytics to reveal security offenses.
- True
Q3) Which of these describes the process of data normalization in a SIEM?
- Turns raw data into a format that has fields that SIEM can use
Q4) True or False. A SIEM considers any event that is anomalous, or outside the norm, to be an offense.
- True
Q5) True or False. A large company might have QRadar event collectors in each of their data centers that are configured to forward all collected events to a central event processor for analysis.
- True
Q6) The triad of a security operations center (SOC) is people, process and technology. To which part of the triad would vendor-specific training belong?
- People
Artificial Intelligence in SIEMs Knowledge Check (Practice Quiz)
Q1) True or False. Information is often overlooked simply because the security analysts do not know how it is connected.
- True
Q2) The partnership between security analysts and technology can be said to be grouped into 3 domains: human expertise, security analytics and artificial intelligence. Which three (3) of these topics would the human expertise domain contain?
- Morals
- Generalization
- Common sense
Q3) A robust cybersecurity defense includes contributions from 3 areas: human expertise, security analytics and artificial intelligence. Which of these areas would contain the ability for abstraction?
- Human expertise
SIEM Platforms Graded Assessment (Main Quiz)
Q1) True or False. SIEMs can be available on premises and in a cloud environment.
- True
Q2) In a SIEM, what are logs of specific actions, such as user logins, referred to as?
- Events
Q3) Which of these describes the process of data normalization in a SIEM?
- Indexes data records for fast searching and sorting
Q4) When a data stream entering a SIEM exceeds the volume it is licensed to handle, what are three (3) ways the excess data is commonly handled, depending on the terms of the license agreement? (Select 3)
- The excess data is stored in a queue until it can be processed
- The excess data is dropped
- The data stream is throttled to accept only the amount allowed by the license
Q5) Which five (5) event properties must match before an event will be coalesced with other events? (Select 5)
- Username
- QID
- Source IP
- Destination Port
- Destination IP
Q6) What is the goal of SIEM tuning?
- To get the SIEM to sort out all false-positive offenses so only those that need to be investigated are presented to the investigators
Q7) True or False. QRadar event collectors send all raw event data to the central event processor for all data handling such as data normalization and event coalescence.
- False
Q8) The triad of a security operations center (SOC) is people, process and technology. To which part of the triad would containment belong?
- Process
Q9) True or False. There is a natural tendency for security analysts to choose to work on cases that they are familiar with and to ignore those that may be important but for which they have no experience.
- True
Q10) The partnership between security analysts and technology can be said to be grouped into 3 domains: human expertise, security analytics and artificial intelligence. Which three (3) of these topics does the security analytics domain contain?
- Anomaly detection
- Pattern identification
- Data correlation
Q11) A robust cybersecurity defense includes contributions from 3 areas: human expertise, security analytics and artificial intelligence. Which of these areas would contain the ability for data visualization?
- Security analytics