Weekly challenge 4
22. What is the difference between a log and log analysis?
- A log records details in log files. Log analysis involves a high-level overview of all events that happen on the network.
- A log and log analysis both contain details of events, but they record details from different sources.
- A log contains log file details. Log analysis involves the collection and storage of logs.
- A log is a record of events that occur within an organization’s systems. Log analysis is the process of examining logs to identify events of interest.
23. Examine the following log:
{
  "name": "System test",
  "host": "167.155.183.139",
  "id": 11111,
  "Message": "[error] test"
}
Which log format is this log entry in?
- Syslog
- CSV
- XML
- JSON
24. Consider the following scenario:
A security analyst at a midsized company is tasked with installing and configuring a host-based intrusion detection system (HIDS) on a laptop. The security analyst installs the HIDS and wants to test whether it is working properly by simulating malicious activity. The security analyst runs unauthorized programs on the laptop, which the HIDS successfully detects and alerts on.
What is the laptop an example of?
- An endpoint
- An agent
- A log forwarder
- A signature
25. What information is included in a signature’s header? Select all that apply.
- IP address
- Port number
- Protocol
- Action
26. Which symbol is used to indicate a comment and is ignored in a Suricata signature file?
- :
- >
- #
- $
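Added example for questions 25 and 26 (not part of the quiz and not Suricata's own code): a small parser that reads a Suricata rule file, skips `#` comment lines, and splits each signature's header into its action, protocol, source IP, source port, direction, destination IP and destination port. The rule file, rule text and sid values are constructed for illustration.

```python
"""Parse Suricata signature headers from a rule file, ignoring comments.

Added example, not from the quiz or the Suricata project. A Suricata rule
has the shape:
    action protocol src_ip src_port direction dst_ip dst_port (options)
and any line whose first non-blank character is '#' is a comment.
"""
import re
from dataclasses import dataclass

# Constructed sample rule file (assumption: contents and sid values are
# made up for this example). It mixes comments, a blank line and two rules.
SAMPLE_RULES = """\
# local.rules - lines starting with '#' are ignored by Suricata
alert tcp $HOME_NET any -> $EXTERNAL_NET 4444 (msg:"Outbound connection to port 4444"; sid:1000001; rev:1;)

# disabled: drop icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP in"; sid:1000002; rev:1;)
pass http 10.0.0.5 any <> any any (msg:"Trusted scanner"; sid:1000003; rev:1;)
"""

# Actions Suricata accepts at the start of a signature.
VALID_ACTIONS = {"alert", "pass", "drop", "reject", "rejectsrc", "rejectdst", "rejectboth"}


@dataclass
class SignatureHeader:
    action: str
    protocol: str
    src_ip: str
    src_port: str
    direction: str
    dst_ip: str
    dst_port: str
    options: str  # text inside the parentheses, left unparsed here


# Header fields are whitespace separated; address and port groups such as
# [10.0.0.0/8,192.168.0.0/16] contain no spaces, so \S+ is enough. Groups
# written with spaces inside the brackets would not match this regex.
HEADER_RE = re.compile(
    r"^(?P<action>\S+)\s+(?P<protocol>\S+)\s+(?P<src_ip>\S+)\s+(?P<src_port>\S+)\s+"
    r"(?P<direction>->|<>)\s+(?P<dst_ip>\S+)\s+(?P<dst_port>[^\s(]+)\s*\((?P<options>.*)\)\s*$"
)


def parse_signature(line: str) -> SignatureHeader:
    """Split one signature line into its header fields; raise on malformed input."""
    m = HEADER_RE.match(line)
    if not m:
        raise ValueError(f"not a valid signature: {line!r}")
    hdr = SignatureHeader(**m.groupdict())
    if hdr.action not in VALID_ACTIONS:
        raise ValueError(f"unknown action {hdr.action!r} in {line!r}")
    return hdr


def parse_rule_file(text: str) -> list[SignatureHeader]:
    """Return the headers of every active rule; comments and blank lines are skipped."""
    headers = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # comment or empty line: ignored, as Suricata does
        headers.append(parse_signature(line))
    return headers


if __name__ == "__main__":
    for h in parse_rule_file(SAMPLE_RULES):
        print(f"{h.action:6} {h.protocol:5} {h.src_ip}:{h.src_port} {h.direction} "
              f"{h.dst_ip}:{h.dst_port}")
```

The commented-out `drop icmp` rule is the usual way an analyst disables a signature without deleting it; the parser, like Suricata, never sees it, so only two headers come back.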
27. Which type of log data does Suricata generate? Select all that apply.
- Network telemetry
- Protocol
- Alert
- Signature
28. Which type of Splunk query searches through unstructured log records?
- Reference search
- Raw log search
- Index search
- UDM search
Shuffle Q/A 3
30. Fill in the blank: SIEM tools _____ raw data so that it is formatted consistently.
- process
- ingest
- normalize
- collect
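Added example for questions 23 and 30 (not part of the quiz and not any SIEM vendor's code): a minimal ingestion step that detects whether a raw record is JSON, CSV or syslog and normalizes all three into the same field names, which is what a SIEM does so that later searches do not depend on the source format. The three records are constructed, the CSV column order (timestamp, host, id, message) is an assumption, and the normalized field names are this example's own choice.

```python
"""Detect a raw log record's format and normalize it to one schema.

Added example, not from the quiz or from any SIEM product. Field names in
the normalized event (host, event_id, message, severity, format) are an
arbitrary choice for this demo, not a vendor schema.
"""
import csv
import io
import json
import re

# Constructed sample records: one JSON (as in question 23), one CSV, one
# syslog line. The IPs, ids and messages are made up.
RAW_RECORDS = [
    '{"name": "System test", "host": "167.155.183.139", "id": 11111, "Message": "[error] test"}',
    "2024-03-01T10:00:00Z,167.155.183.139,11112,[warn] disk 90% full",
    "<34>Mar  1 10:00:01 web01 sshd[11113]: [error] Failed password for root from 167.155.183.139",
]

# BSD-style syslog: <PRI>timestamp host app[pid]: message
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<app>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
SEVERITY_RE = re.compile(r"\[(error|warn|info)\]")
SEVERITY_NAMES = {"error": "error", "warn": "warning", "info": "info"}


def detect_format(line: str) -> str:
    """Classify a record as json, syslog, csv or unknown."""
    s = line.strip()
    if s.startswith("{") and s.endswith("}"):
        try:
            json.loads(s)
            return "json"
        except ValueError:
            pass  # looked like JSON but is not; fall through
    if SYSLOG_RE.match(s):
        return "syslog"
    if s.count(",") >= 3:  # assumption: our CSV layout has four columns
        return "csv"
    return "unknown"


def normalize(line: str) -> dict:
    """Map a record of any supported format onto the common field names."""
    fmt = detect_format(line)
    if fmt == "json":
        d = json.loads(line)
        event = {"host": d.get("host"), "event_id": str(d.get("id")),
                 "message": d.get("Message") or d.get("message")}
    elif fmt == "csv":
        # Assumed column order: timestamp, host, id, message
        _ts, host, event_id, msg = next(csv.reader(io.StringIO(line.strip())))
        event = {"host": host, "event_id": event_id, "message": msg}
    elif fmt == "syslog":
        m = SYSLOG_RE.match(line.strip())
        event = {"host": m["host"], "event_id": m["pid"], "message": m["msg"]}
    else:
        raise ValueError(f"unsupported record: {line!r}")
    event["format"] = fmt
    sev = SEVERITY_RE.search(event["message"] or "")
    event["severity"] = SEVERITY_NAMES[sev.group(1)] if sev else "info"
    return event


def normalize_all(lines: list[str]) -> list[dict]:
    return [normalize(ln) for ln in lines]


if __name__ == "__main__":
    for ev in normalize_all(RAW_RECORDS):
        print(ev)
```

After normalization a single query such as "every event with severity error from host 167.155.183.139" works across all three sources, which is the point of the normalize step; before it, the same question would need three different field names and three different parsers.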