SIEM Essentials Quiz

Are you ready to show off your SIEM knowledge? These 25 essential questions will test just how well you know network security.

Question 1 of 25

Which of the following is NOT an event streaming protocol?

  • IPFIX
  • SNMP
  • NetFlow
  • STIX

To learn more, check Chapter 2: SIEM Architecture.

Question 2 of 25

What is the underlying format for the Common Event Format (CEF)?

  • JSON
  • XML
  • Syslog
  • CSV

To learn more, check Chapter 3: Events and Logs.

Question 3 of 25

Which of the following best describes "a field that uses statistical techniques to allow machines to learn without being explicitly programmed"?

  • Artificial Intelligence
  • Machine Learning
  • Data Science
  • Advanced Analytics

To learn more, check Chapter 6: SIEM Analytics.

Question 4 of 25

What is the primary use case for deep learning in security?

  • Lateral movement detection
  • Session stitching
  • Packet inspection
  • Supervised learning

To learn more, check Chapter 6: SIEM Analytics.

Question 5 of 25

What is the term for "machine-driven execution of actions on security tools and IT systems, as part of a response to an incident"?

  • Orchestration
  • Automation
  • Collaboration
  • Response

To learn more, check Chapter 7: Incident Response and Automation.

Question 6 of 25

What is the metric used in SOCs that measures how long compromises, on average, have been present?

  • MTTR
  • MITRE
  • MTTD
  • Ticket Count

To learn more, check Chapter 7: Incident Response and Automation.

Question 7 of 25

What does MDR stand for?

  • Meantime Detection and Response
  • Multiple Detection and Response
  • Managed Detection and Response
  • Merged Detection and Response

To learn more, check Chapter 8: The SOC, SecOps and SIEM.

Question 8 of 25

What would a threat hunter and subject matter expert be called?

  • Tier 1 analyst
  • Tier 2 analyst
  • Tier 3 analyst
  • Security engineer

To learn more, check Chapter 8: The SOC, SecOps and SIEM.

Question 9 of 25

Which security technology takes user behavior into account when making determinations?

  • SOAR
  • TAXII
  • UEBA
  • CEF

To learn more, check Chapter 9: SIEM Buyer's Guide.

Question 10 of 25

Which analyst coined the term SIEM?

  • Forrester
  • Gartner
  • IDC
  • None of the above

To learn more, check Chapter 1: What is SIEM?

Question 11 of 25

What two new capabilities distinguish Next-Gen SIEM from SIEM? (Choose two)

  • CASB
  • SOAR
  • UEBA
  • IDS

To learn more, check Chapter 1: What is SIEM?

Question 12 of 25

What are examples of SIEM logging sources?

  • Security events
  • Network logs
  • Applications and devices
  • All of the above

To learn more, check Chapter 2: SIEM Architecture.

Question 13 of 25

Allowing for headroom and growth, what percentage over expected events per second (EPS) capacity is recommended by SANS?

  • 10%
  • 15%
  • 20%
  • 25%

To learn more, check Chapter 2: SIEM Architecture.

Question 14 of 25

Of the following, which has the highest EPS?

  • Cisco routers
  • Windows DNS servers
  • Windows Domain Controllers
  • Microsoft Exchange Servers

To learn more, check Chapter 2: SIEM Architecture.

Question 15 of 25

What is the term for merging events containing different data into a reduced format that contains common event attributes?

  • Categorization
  • Normalization
  • Parsing
  • Indexing

To learn more, check Chapter 3: Events and Logs.

Question 16 of 25

What is the process of creating profiles that model standard behavior for users and entities in an IT environment called?

  • Indexing
  • Machine learning
  • Baselining
  • Monitoring

To learn more, check Chapter 4: UEBA.

Question 17 of 25

Which would not be used to describe the analytic techniques used in UEBA?

  • Heuristic
  • Probabilistic
  • Deterministic
  • Risk-based

To learn more, check Chapter 4: UEBA.

Question 18 of 25

Which is not a tenet of GDPR?

  • Data protection by design
  • Breach notification
  • Perimeter security
  • Record of data processing

To learn more, check Chapter 5: SIEM Use Cases.

Question 19 of 25

Which are signs of an insider threat?

  • Rapid encryption
  • Privilege escalation
  • Lateral movement
  • All of the above

To learn more, check Chapter 5: SIEM Use Cases.

Question 20 of 25

Unsupervised machine learning is best suited to understanding whether observed behavior is good or bad.

  • True
  • False

To learn more, check Chapter 6: SIEM Analytics.

Question 21 of 25

Implementing a SecOps process in which the security team is engaged earlier, by working with IT operations, is referred to as:

  • UEBA
  • Shifting left
  • DevOps
  • None of the above

To learn more, check Chapter 8: The SOC, SecOps and SIEM.

Question 22 of 25

A Virtual SOC can also be referred to as:

  • EDR
  • MSSP
  • Fusion SOC
  • Multifunctional SOC

To learn more, check Chapter 8: The SOC, SecOps and SIEM.

Question 23 of 25

Which of the following is NOT an open source tool?

  • OSSIM
  • OSSEC
  • Apache Metron
  • ArcSight

To learn more, check Chapter 9: SIEM Buyer's Guide.

Question 24 of 25

What does MTTD stand for?

  • Mean Time to Diagnose
  • Mean Time to Distinguish
  • Mean Time to Detect
  • Mean Time to Delete

To learn more, check Chapter 8: The SOC, SecOps and SIEM.

Question 25 of 25

Where are Linux system logs found?

  • /log
  • /etc/log
  • /var/log
  • /dev/log

To learn more, check Chapter 3: Events and Logs.
