1. What network monitoring tool can be used to copy packets moving through one port and send those copies to another port for analysis?
- SPAN
- syslog
- SNMP
- NAC
2. What is the purpose of the Cisco NetFlow IOS technology?
- to collect operational data from IP networks
- to periodically poll nodes for network management information
- to manage the network performance of nodes
- to log system messages from network devices
3. Which network technology uses a passive splitting device that forwards all traffic, including Layer 1 errors, to an analysis device?
- NetFlow
- network tap
- IDS
- SNMP
4. Which network monitoring tool can provide a complete audit trail of basic information of all IP flows on a Cisco router and forward the data to a device?
- Wireshark
- SPAN
- NetFlow
- SIEM
5. What is a monitoring tool used for capturing traffic statistics?
- syslog
- SPAN
- NetFlow
- SNMP
6. Which capability is provided by the aggregation function in SIEM?
- presenting correlated and aggregated event data in real-time monitoring
- reducing the volume of event data by consolidating duplicate event records
- increasing speed of detection and reaction to security threats by examining logs from many systems and applications
- searching logs and event records of multiple sources for more complete forensic analysis
7. What is an essential function of SIEM?
- forwarding traffic and physical layer errors to an analysis device
- providing reporting and analysis of security events
- monitoring traffic and comparing it against the configured rules
- providing 24×7 statistics on packets flowing through a Cisco router or multilayer switch
8. Which SIEM function is associated with examining the logs and events of multiple systems to reduce the time needed to detect and react to security events?
- forensic analysis
- correlation
- aggregation
- retention
9. Which network monitoring capability is provided by using SPAN?
- Real-time reporting and long-term analysis of security events are enabled.
- Statistics on packets flowing through Cisco routers and multilayer switches can be captured.
- Network analysts are able to access network device log files and to monitor network behavior.
- Traffic exiting and entering a switch is copied to a network monitoring device.
10. Which network tool uses artificial intelligence to detect incidents and aid in incident analysis and response?
- SIEM
- Wireshark
- NetFlow
- SOAR
11. Which network monitoring tool allows an administrator to capture real-time network traffic and analyze the entire contents of packets?
- SIEM
- Wireshark
- SOAR
- nmap
12. Which technology is an open source SIEM system?
- StealthWatch
- Splunk
- ELK
- Wireshark