41. Examine the following log:

<111>1 2020-04-12T23:20:50.52Z my.machine.com evntslog - ID01 [user@98274 iut="2" eventSource="Mobile" eventID="24"][Priority@98274 class="low"] Computer A

What field value indicates the type of device that this event originated from?

  • my.machine.com
  • Computer A
  • Mobile
  • low

42. What is the difference between a network-based intrusion detection system (NIDS) and a host-based intrusion detection system (HIDS)?

  • A NIDS collects and monitors network traffic and network data. A HIDS monitors the activity of the host on which it is installed.
  • Both NIDS and HIDS monitor systems and generate alerts, but a NIDS uses agents.
  • A NIDS monitors the activity of the host on which it is installed. A HIDS uses signature analysis to analyze network activity.
  • A NIDS logs and generates alerts. A HIDS system monitors endpoint activity.

43. Which rule option is used to indicate the number of times a signature is updated?

  • tcp
  • msg
  • rev
  • sid

44. Fill in the blank: The asterisk symbol is also known as a(n) _____.

  • label
  • wildcard
  • option
  • Boolean operator

45. Fill in the blank: Chronicle uses ______ to define detection rules.

  • UDM
  • YARA-L
  • SQL
  • SPL

46. What is the difference between network telemetry and network alert logs?

  • Network telemetry is output in EVE JSON format; network alert logs are output in HTML.
  • Network telemetry is the output of a signature; network alert logs contain details about malicious activity.
  • Network telemetry contains information about network traffic flows; network alert logs are the output of a signature.
  • Both provide information that is relevant for security analysts, but network alert logs contain network connection details.
