Weekly challenge 4

21. What details do logs contain? Select all that apply.

  • Location
  • Date
  • Forwarder
  • Time

22. What is the difference between a log and log analysis?

  • A log records details in log files. Log analysis involves a high-level overview of all events that happen on the network.
  • A log and log analysis both contain details of events, but they record details from different sources.
  • A log contains log file details. Log analysis involves the collection and storage of logs.
  • A log is a record of events that occur within an organization’s systems. Log analysis is the process of examining logs to identify events of interest.

23. Examine the following log:

{
"name": "System test",
"host": "167.155.183.139",
"id": 11111,
"Message": [error] test,
}

Which log format is this log entry in?

  • Syslog
  • CSV
  • XML
  • JSON

24. Consider the following scenario:

A security analyst at a midsized company is tasked with installing and configuring a host-based intrusion detection system (HIDS) on a laptop. The security analyst installs the HIDS and wants to test whether it is working properly by simulating malicious activity. The security analyst runs unauthorized programs on the laptop, which the HIDS successfully detects and alerts on.

What is the laptop an example of?

  • An endpoint
  • An agent
  • A log forwarder
  • A signature

25. What information is included in a signature’s header? Select all that apply.

  • IP address
  • Port number
  • Protocol
  • Action

26. Which symbol is used to indicate a comment and is ignored in a Suricata signature file?

  • :
  • >
  • #
  • $

27. Which type of log data does Suricata generate? Select all that apply.

  • Network telemetry
  • Protocol
  • Alert
  • Signature

28. Which type of Splunk query searches through unstructured log records?

  • Reference search
  • Raw log search
  • Index search
  • UDM search

29. What is the default method of search in Chronicle?

  • YARA-L
  • Raw log
  • Non-normalized
  • UDM

30. Fill in the blank: SIEM tools _____ raw data so that it is formatted consistently.

  • process
  • ingest
  • normalize
  • collect
