11. Fill in the blank: The _____ component of an IDS signature includes network traffic information.
- action
- rule options
- header
- signature ID
12. A security analyst creates a Suricata signature to identify and detect security threats based on the direction of network traffic. Which of the following rule options should they use?
- Content
- Message
- Flow
- Rev
Activity: Perform a query with Splunk
13. How many events are contained in the main index across all time?
- Over 100,000
- 100-1,000
- 10,000
- 10-99
14. Which field identifies the name of a network device or system from which an event originates?
- host
- sourcetype
- index
- source
15. Which of the following hosts used by Buttercup Games contains log information relevant to financial transactions?
- www1
- vendor_sales
- www2
- www3
16. How many failed SSH logins are there for the root account on the mail server?
- One
- None
- 100
- More than 100
Test your knowledge: Overview of SIEM tools
17. Which special character can be used to substitute for any other character in Search Processing Language (SPL)?
- =
- !=
- |
- *
18. Which of the following steps is part of the SIEM process for data collection? Select three answers.
- Collect and process data.
- SIEM tools index data to be made searchable.
- Normalize data so it is ready to read and analyze.
- Monitor activity and alerts related to intrusions.
Shuffle Q/A 2
19. Fill in the blank: ____ is a computer language used to create rules for searching through ingested log data.
- EVE JSON
- YARA-L
- NIDS
- SIEM