Sound the Alarm: Detection and Response (Coursera) Weekly Challenge 4 Answers

Test your knowledge: Overview of logs

1. What is the primary purpose of logs during incident investigation?

  • To manage alert volumes
  • To identify and diagnose system issues
  • To improve user experience
  • To provide a record of event details

2. A security analyst wants to determine whether a suspicious login was successful. Which log type would be most useful for this purpose?

  • Network
  • Authentication
  • System
  • Firewall

3. In the following log, what action does the log entry record?

[ALLOW: wikipedia.org] Source: 192.167.1.1 Friday, 10 June 2022 11:36:12

  • 192.167.1.1
  • Source
  • Friday, 10 June 2022 11:36:12
  • ALLOW

4. Fill in the blank: _____ is the process of examining logs to identify events of interest.

  • Log forwarder
  • Log file
  • Log analysis
  • Logging

Test your knowledge: Log components and formats

5. Examine the following authentication log:

[2022/12/20 08:20:38.921286] User nuhara logged in successfully

What type of information does this log contain? Select two answers.

  • Event description
  • Syslog
  • Message ID
  • Timestamp

6. Which of the following capabilities can syslog be used for? Select three answers.

  • Extension
  • Log format
  • Protocol
  • Service

7. What are examples of log formats? Select three answers.

  • JavaScript Object Notation (JSON)
  • Gramm-Leach-Bliley Act (GLBA)
  • Common Event Format (CEF)
  • eXtensible Markup Language (XML)

8. Which log format uses tags to structure data?

  • eXtensible Markup Language (XML)
  • Verbose
  • Comma Separated Values (CSV)
  • Syslog

Test your knowledge: Overview of intrusion detection systems (IDS)

9. A security analyst uses a network protocol analyzer to capture HTTP traffic to analyze patterns. What type of data are they using?

  • Network telemetry
  • Host-based
  • False positive
  • Signature-based

10. Which statement accurately describes the difference between a network-based intrusion detection system (NIDS) and a host-based intrusion detection system (HIDS)?

  • A NIDS is installed on a network; a HIDS is installed on individual devices.
  • A NIDS uses signature analysis to detect threats; a HIDS uses agents.
  • A NIDS is installed on individual devices; a HIDS is installed on a network.
  • A NIDS only detects known threats; a HIDS detects unknown threats.