Get a Demo

Quick Links

Exabeam SIEM

Threat Detection

Insider Threats

Cloud Security

Federal

Get a Demo
Get a Demo
1.844.EXABEAM
info@exabeam.com

SIEM Essentials Quiz

Are you ready to show off your SIEM knowledge? These 25 essential questions will test just how well you know network security.

Question 1 of 25

Which of the following is NOT an event streaming protocol?

  • IPFIX
  • SNMP
  • Netflow
  • STIX

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 2: SIEM Architecture

Question 2 of 25

What is the underlying format for the Common Event Format (CEF)

  • JSON
  • XML
  • Syslog
  • CSV

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 3: Events and Logs

Question 3 of 25

Which of the following best describes "a field that uses statistical techniques to allow machines to learn without being explicitly programmed"?

  • Artificial Intelligence
  • Machine Learning
  • Data Science
  • Advanced Analytics

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 6: SIEM Analytics

Question 4 of 25

What is the primary use case for deep learning in security?

  • Lateral movement detection
  • Session stitching
  • Packet inspection
  • Supervised learning

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 6: SIEM Analytics

Question 5 of 25

What is the term for "machine-driven execution of actions on security tools and IT systems, as part of a response to an incident"?

  • Orchestration
  • Automation
  • Collaboration
  • Response

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 7: Incident Response and Automation

Question 6 of 25

What is the metric used in SOCs that measures how long compromises, on average, have been present?

  • MTTR
  • MITRE
  • MTTD
  • Ticket Count

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 7: Incident Response and Automation

Question 7 of 25

What does MDR stand for?

  • Meantime Detection and Response
  • Multiple Detection and Response
  • Managed Detection and Response
  • Merged Detection and Response

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 8: The SOC, SecOps and SIEM

Question 8 of 25

A threat hunter and subject matter expert would be called a?

  • Tier 1 analyst
  • Tier 2 analyst
  • Tier 3 analyst
  • Security engineer

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 8: The SOC, SecOps and SIEM

Question 9 of 25

Which security technology takes user behavior into account when making determinations?

  • SOAR
  • TAXII
  • UEBA
  • CEF

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 9: SIEM Buyer's Guide

Question 10 of 25

Which analyst coined the term SIEM?

  • Forrester
  • Gartner
  • IDC
  • None of the above

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 1: What is SIEM?

Question 11 of 25

What two new capabilities distinguish Next-Gen SIEM from SIEM? (Choose two)

  • CASB
  • SOAR
  • UEBA
  • IDS

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 1: What is SIEM?

Question 12 of 25

What are examples of SIEM logging sources?

  • Security events
  • Network logs
  • Applications and devices
  • All of the above

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 2: SIEM Architecture

Question 13 of 25

Allowing for headroom and growth, what percentage over expected events per second (EPS) capacity is recommended by SANS?

  • 10%
  • 15%
  • 20%
  • 25%

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 2: SIEM Architecture

Question 14 of 25

Of the following, which has the highest EPS?

  • Cisco routers
  • Windows DNS servers
  • Windows Domain Controllers
  • Microsoft Exchange Servers

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 2: SIEM Architecture

Question 15 of 25

Merging events containing different data into a reduced format which contains common event attributes is called?

  • Categorization
  • Normalization
  • Parsing
  • Indexing

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 3: Events and Logs

Question 16 of 25

The process of creating profiles that model standard behavior for users and entities in an IT environment is called?

  • Indexing
  • Machine learning
  • Baselining
  • Monitoring

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 4: UEBA

Question 17 of 25

Which would not be used to describe the analytic techniques used in UEBA?

  • Heuristic
  • Probabilistic
  • Deterministic
  • Risk-based

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 4: UEBA

Question 18 of 25

Which is not a tenet of GDPR?

  • Data protection by design
  • Breach notification
  • Perimeter security
  • Record of data processing

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 5: SIEM Use Cases

Question 19 of 25

Which are signs of an insider threat?

  • Rapid encryption
  • Privilege escalation
  • Lateral movement
  • All of the above

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 5: SIEM Use Cases

Question 20 of 25

Unsupervised machine learning is best suited to understanding whether observed behavior is good or bad.

  • True
  • False

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 6: SIEM Analytics

Question 21 of 25

Implementing a SecOps process where the security team is engaged earlier by engaging with IT operations is referred to as

  • UEBA
  • Shifting left
  • DevOps
  • None of the above

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 8: The SOC, SecOps and SIEM

Question 22 of 25

A Virtual SOC can also be referred to as

  • EDR
  • MSSP
  • Fusion SOC
  • Multifunctional SOC

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 8: The SOC, SecOps and SIEM

Question 23 of 25

Which of the following is NOT an open source tool?

  • OSSIM
  • OSSEC
  • Apache Metron
  • Arcsight

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 9: SIEM Buyer’s Guide

Question 24 of 25

What does MTTD stand for?

  • Mean Time to Diagnose
  • Mean Time to Distinguish
  • Mean Time to Detect
  • Mean Time to Delete

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 8: The SOC, SecOps and SIEM

Question 25 of 25

Where are Linux system logs found?

  • /log
  • /etc/log
  • /var/log
  • /dev/log

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 3: Events and Logs

You’ve finished the quiz with a score of:

Quiz Summary

Q1

Which of the following is NOT an event streaming protocol?

Learn More
pts

Q2

What is the underlying format for the Common Event Format (CEF)

Learn More
pts

Q3

Which of the following best describes "a field that uses statistical techniques to allow machines to learn without being explicitly programmed"?

Learn More
pts

Q4

What is the primary use case for deep learning in security?

Learn More
pts

Q5

What is the term for "machine-driven execution of actions on security tools and IT systems, as part of a response to an incident"?

Learn More
pts

Q6

What is the metric used in SOCs that measures how long compromises, on average, have been present?

Learn More
pts

Q7

What does MDR stand for?

Learn More
pts

Q8

A threat hunter and subject matter expert would be called a?

Learn More
pts

Q9

Which security technology takes user behavior into account when making determinations?

Learn More
pts

Q10

Which analyst coined the term SIEM?

Learn More
pts

Q11

What two new capabilities distinguish Next-Gen SIEM from SIEM? (Choose two)

Learn More
pts

Q12

What are examples of SIEM logging sources?

Learn More
pts

Q13

Allowing for headroom and growth, what percentage over expected events per second (EPS) capacity is recommended by SANS?

Learn More
pts

Q14

Of the following, which has the highest EPS?

Learn More
pts

Q15

Merging events containing different data into a reduced format which contains common event attributes is called?

Learn More
pts

Q16

The process of creating profiles that model standard behavior for users and entities in an IT environment is called?

Learn More
pts

Q17

Which would not be used to describe the analytic techniques used in UEBA?

Learn More
pts

Q18

Which is not a tenet of GDPR?

Learn More
pts

Q19

Which are signs of an insider threat?

Learn More
pts

Q20

Unsupervised machine learning is best suited to understanding whether observed behavior is good or bad.

Learn More
pts

Q21

Implementing a SecOps process where the security team is engaged earlier by engaging with IT operations is referred to as

Learn More
pts

Q22

A Virtual SOC can also be referred to as

Learn More
pts

Q23

Which of the following is NOT an open source tool?

Learn More
pts

Q24

What does MTTD stand for?

Learn More
pts

Q25

Where are Linux system logs found?

Learn More
pts
Prev Evaluating and Selecting SIEM Tools - A Buyer's Guide

CH04

UEBA

User and Entity Behavioral Analytics detects threats other tools can’t see

Read More