1. When real-time reporting of security events from multiple sources is being received, which function in SIEM provides capturing and processing of data in a common format?
- log collection
2. What is the value of file hashes to network security investigations?
- They can serve as malware signatures.
- They ensure data availability.
- They offer confidentiality.
- They assure nonrepudiation.
3. Which technology is an open source SIEM system?
4. A network administrator is working with ELK. The amount of network traffic to be collected by packet captures and the number of log file entries and alerts that will be generated by network and security devices can be enormous. What is the default time configured in Kibana to show the log entries?
- 36 hours
- 48 hours
- 24 hours
- 12 hours
5. In which programming language is Elasticsearch written?
6. For how long does the Payment Card Industry Security Standards Council (PCI DSS) require that an audit trail of user activities related to protected information be retained?
- 24 months
- 18 months
- 6 months
- 12 months
7. What is the host-based intrusion detection tool that is integrated into Security Onion?
8. Which core open source component of the Elastic Stack is responsible for accessing, visualizing, and investigating data?
9. What is the default time set in the securityonion.conf file for Sguil alert data retention?
- 15 days
- 45 days
- 60 days
- 30 days
10. Which tool would an analyst use to start a workflow investigation?
11. Which core open source component of the Elastic Stack is responsible for storing, indexing, and analyzing data?
12. Which tool concentrates security events from multiple sources and can interact with other tools such as Wireshark?