Sound the Alarm: Detection and Response (Coursera), Weekly Challenge 4 Answers
Test your knowledge: Overview of logs
1. What is the primary purpose of logs during incident investigation?
- To manage alert volumes
- To identify and diagnose system issues
- To improve user experience
- To provide a record of event details
2. A security analyst wants to determine whether a suspicious login was successful. Which log type would be most useful for this purpose?
- Network
- Authentication
- System
- Firewall
3. In the following log, what action does the log entry record?
[ALLOW: wikipedia.org] Source: 192.167.1.1 Friday, 10 June 2022 11:36:12
- 192.167.1.1
- Source
- Friday, 10 June 2022 11:36:12
- ALLOW
4. Fill in the blank: _____ is the process of examining logs to identify events of interest.
- Log forwarder
- Log file
- Log analysis
- Logging
Test your knowledge: Log components and formats
5. Examine the following authentication log:
[2022/12/20 08:20:38.921286] User nuhara logged in successfully
What type of information does this log contain? Select two answers.
- Event description
- Syslog
- Message ID
- Timestamp
6. Which of the following capabilities can syslog be used for? Select three answers.
- Extension
- Log format
- Protocol
- Service
7. What are examples of log formats? Select three answers.
- JavaScript Object Notation (JSON)
- Gramm-Leach-Bliley Act (GLBA)
- Common Event Format (CEF)
- eXtensible Markup Language (XML)
8. Which log format uses tags to structure data?
- eXtensible Markup Language (XML)
- Verbose
- Comma Separated Values (CSV)
- Syslog
Test your knowledge: Overview of intrusion detection systems (IDS)
9. A security analyst uses a network protocol analyzer to capture HTTP traffic to analyze patterns. What type of data are they using?
- Network telemetry
- Host-based
- False positive
- Signature-based
10. Which statement accurately describes the difference between a network-based intrusion detection system (NIDS) and a host-based intrusion detection system (HIDS)?
- A NIDS is installed on a network; a HIDS is installed on individual devices.
- A NIDS uses signature analysis to detect threats; a HIDS uses agents.
- A NIDS is installed on individual devices; a HIDS is installed on a network.
- A NIDS only detects known threats; a HIDS detects unknown threats.