What is the purpose for data reduction as it relates to NSM? to remove recurring data streams to make the alert data transmission fast to diminish the quantity of NSM…
Which tool is a Security Onion integrated host-based intrusion detection system? Sguil ELK Snort OSSEC Answers Explanation & Hints: OSSEC is a host-based intrusion detection system (HIDS) that is integrated…
Which term is used to describe the process of converting log entries into a common format? classification normalization standardization systemization Answers Explanation & Hints: For processing log entries, data normalization…
Which classification indicates that an alert is verified as an actual security incident? true positive true negative false positive false negative Answers Explanation & Hints: Alerts can be classified as…
A network administrator is trying to download a valid file from an internal server. However, the process triggers an alert on a NMS tool. What condition describes this alert? false…
A threat actor has successfully breached the network firewall without being detected by the IDS system. What condition describes the lack of alert? false negative false positive true positive true…
After a security monitoring tool identifies a malware attachment entering the network, what is the benefit of performing a retrospective analysis? A retrospective analysis can help in tracking the behavior…
Which personnel in a SOC is assigned the task of verifying whether an alert triggered by monitoring software represents a true security incident? SOC Manager Tier 1 personnel Tier 2…
Match the Snort rule source to the description. Explanation & Hint: GPL: This typically refers to the General Public License, and in the context of Snort, it may refer to…
What information is contained in the options section of a Snort rule? direction of traffic flow source and destination address action to be taken text describing the event Answers Explanation…
Refer to the exhibit. Which field in the Sguil application window indicates the priority of an event or set of correlated events? CNT ST Pr AlertID Answers Explanation & Hints:…
What is indicated by a Snort signature ID that is below 3464? The SID was created by members of EmergingThreats. The SID was created by Sourcefire and distributed under a…
Refer to the exhibit. A security analyst is reviewing an alert message generated by Snort. What does the number 2100498 in the message indicate? the message length in bits the…
Refer to the exhibit. A network administrator is viewing some output on the Netflow collector. What can be determined from the output of the traffic flow shown? This is a…
Which Cisco appliance can be used to filter network traffic contents to report and deny traffic based on the web server reputation? ASA AVC ESA WSA Answers Explanation & Hints:…
In a Cisco AVC system, in which module is NetFlow deployed? Control Metrics Collection Application Recognition Management and Reporting Answers Explanation & Hints: NetFlow technology is deployed in the Metrics…
Match the SIEM function with the description. Explanation & Hint: This is focusing on the functions of a Security Information and Event Management (SIEM) system. SIEM systems are used for…
Which Windows log contains information about installations of software, including Windows updates? setup logs system logs security logs application logs Answers Explanation & Hints: On a Windows host, setup logs…
What does it indicate if the timestamp in the HEADER section of a syslog message is preceded by a period or asterisk symbol? There is a problem associated with NTP.…
What is the primary purpose of the Malware Information Sharing Platform (MISP) ? to exchange all the response mechanisms to known threats to publish all informational materials on known and…