41. Examine the following log:
<111>1 2020-04-12T23:20:50.52Z my.machine.com evntslog - ID01 [user@98274 iut="2" eventSource="Mobile" eventID="24"][Priority@98274 class="low"] Computer A
What field value indicates the type of device that this event originated from?
- my.machine.com
- Computer A
- Mobile
- low
42. What is the difference between a network-based intrusion detection system (NIDS) and a host-based intrusion detection system (HIDS)?
- A NIDS collects and monitors network traffic and network data. A HIDS monitors the activity of the host on which it is installed.
- Both NIDS and HIDS monitor systems and generate alerts, but a NIDS uses agents.
- A NIDS monitors the activity of the host on which it is installed. A HIDS uses signature analysis to analyze network activity.
- A NIDS logs and generates alerts. A HIDS system monitors endpoint activity.
43. Which rule option is used to indicate the number of times a signature is updated?
- tcp
- msg
- rev
- sid
44. Fill in the blank: The asterisk symbol is also known as a(n) _____.
- label
- wildcard
- option
- Boolean operator
46. What is the difference between network telemetry and network alert logs?
- Network telemetry is output in EVE JSON format; network alert logs are output in HTML.
- Network telemetry is the output of a signature; network alert logs contain details about malicious activity.
- Network telemetry contains information about network traffic flows; network alert logs are the output of a signature.
- Both provide information that is relevant for security analysts, but network alert logs contain network connection details.