32. Examine the following log:
LoginEvent[2021/10/13 10:32:08.958711] auth_session_authenticator.cc:304 Regular user login 1
Which type of log is this?
- Location
- Application
- Network
- Authentication
33. Fill in the blank: A syslog entry contains a header, _____, and a message.
- structured-data
- object
- tag
- eXtensible Markup Language
34. Fill in the blank: _____ analysis is a detection method used to find events of interest using patterns.
- Endpoint
- Signature
- Network
- Host
35. Which rule option is used to match based on the direction of network traffic?
- content
- sid
- flow
- message
36. Which querying language does Splunk use?
- Structured Querying Language
- Search Processing Language
- Structured Processing Language
- SIEM Processing Language
37. Which Unified Data Model (UDM) field search specifies a security action?
- security_result.action
- block
- metadata.event_type
- action
38. What are the steps in the SIEM process for data collection? Select all that apply.
- Index
- Normalize
- Collect
- Unify
39. Which of the following refers to a record of events that occur within an organization’s systems?
- Logs
- Log sources
- Occurrences
- Log forwarder
40. Examine the following log:
[2022/12/21 17:46:35.232748] NOTIFY: NetworkPropertiesUpdated: wifi_psk_13
Which type of log is this?
- Authentication
- Location
- Application
- Network