Attack Detection and Logging Quiz

Questions and Answers

PDF Questions PDF Answers

Based on the information provided, what is the main purpose of a SIEM product?

To detect brute force login attempts

To adjust sensitivity thresholds

To monitor threats and insider attacks

To collect and aggregate information (correct)

What is the responsibility of security analysts in a security operations center (SOC)?

To assess an organization's security (correct)

To monitor threats and insider attacks

To detect brute force login attempts

To collect and aggregate information

What is a false positive in the context of a SOC?

Malicious event recorded as legitimate

Threshold set too high

Legitimate event recorded as malicious (correct)

Threshold set too low

Based on the provided data set, during which interval of time was there an unusually high amount of file activity?

11:00 - 12:00

Which of the following is the most important factor for detecting attacks within an organization's network?

Establishing a form of logging

What is the purpose of traffic analysis in attack detection?

To monitor communications across a network

Which of the following is an example of a log format used by Apache web servers?

9.12.156.2 - bob [11/Jan/2020:14:16:34 -0700] "GET /index.html HTTP/1.0" 200 4066