SIEM Quiz - Exabeam

Are you ready to show off your SIEM knowledge? These 25 essential questions will test just how well you know network security.

Question 1 of 25

Which of the following is NOT an event streaming protocol?

IPFIX
SNMP
Netflow
STIX

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 2: SIEM Architecture

Question 2 of 25

What is the underlying format for the Common Event Format (CEF)

JSON
XML
Syslog
CSV

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 3: Events and Logs

Question 3 of 25

Which of the following best describes "a field that uses statistical techniques to allow machines to learn without being explicitly programmed"?

Artificial Intelligence
Machine Learning
Data Science
Advanced Analytics

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 6: SIEM Analytics

Question 4 of 25

What is the primary use case for deep learning in security?

Lateral movement detection
Session stitching
Packet inspection
Supervised learning

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 6: SIEM Analytics

Question 5 of 25

What is the term for "machine-driven execution of actions on security tools and IT systems, as part of a response to an incident"?

Orchestration
Automation
Collaboration
Response

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 7: Incident Response and Automation

Question 6 of 25

What is the metric used in SOCs that measures how long compromises, on average, have been present?

MTTR
MITRE
MTTD
Ticket Count

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 7: Incident Response and Automation

Question 7 of 25

What does MDR stand for?

Meantime Detection and Response
Multiple Detection and Response
Managed Detection and Response
Merged Detection and Response

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 8: The SOC, SecOps and SIEM

Question 8 of 25

A threat hunter and subject matter expert would be called a?

Tier 1 analyst
Tier 2 analyst
Tier 3 analyst
Security engineer

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 8: The SOC, SecOps and SIEM

Question 9 of 25

Which security technology takes user behavior into account when making determinations?

SOAR
TAXII
UEBA
CEF

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 9: SIEM Buyer's Guide

Question 10 of 25

Which analyst coined the term SIEM?

Forrester
Gartner
IDC
None of the above

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 1: What is SIEM?

Question 11 of 25

What two new capabilities distinguish Next-Gen SIEM from SIEM? (Choose two)

CASB
SOAR
UEBA
IDS

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 1: What is SIEM?

Question 12 of 25

What are examples of SIEM logging sources?

Security events
Network logs
Applications and devices
All of the above

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 2: SIEM Architecture

Question 13 of 25

Allowing for headroom and growth, what percentage over expected events per second (EPS) capacity is recommended by SANS?

10%
15%
20%
25%

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 2: SIEM Architecture

Question 14 of 25

Of the following, which has the highest EPS?

Cisco routers
Windows DNS servers
Windows Domain Controllers
Microsoft Exchange Servers

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 2: SIEM Architecture

Question 15 of 25

Merging events containing different data into a reduced format which contains common event attributes is called?

Categorization
Normalization
Parsing
Indexing

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 3: Events and Logs

Question 16 of 25

The process of creating profiles that model standard behavior for users and entities in an IT environment is called?

Indexing
Machine learning
Baselining
Monitoring

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 4: UEBA

Question 17 of 25

Which would not be used to describe the analytic techniques used in UEBA?

Heuristic
Probabilistic
Deterministic
Risk-based

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 4: UEBA

Question 18 of 25

Which is not a tenet of GDPR?

Data protection by design
Breach notification
Perimeter security
Record of data processing

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 5: SIEM Use Cases

Question 19 of 25

Which are signs of an insider threat?

Rapid encryption
Privilege escalation
Lateral movement
All of the above

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 5: SIEM Use Cases

Question 20 of 25

Unsupervised machine learning is best suited to understanding whether observed behavior is good or bad.

True
False

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 6: SIEM Analytics

Question 21 of 25

Implementing a SecOps process where the security team is engaged earlier by engaging with IT operations is referred to as

UEBA
Shifting left
DevOps
None of the above

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 8: The SOC, SecOps and SIEM

Question 22 of 25

A Virtual SOC can also be referred to as

EDR
MSSP
Fusion SOC
Multifunctional SOC

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 8: The SOC, SecOps and SIEM

Question 23 of 25

Which of the following is NOT an open source tool?

OSSIM
OSSEC
Apache Metron
Arcsight

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 9: SIEM Buyer’s Guide

Question 24 of 25

What does MTTD stand for?

Mean Time to Diagnose
Mean Time to Distinguish
Mean Time to Detect
Mean Time to Delete

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 8: The SOC, SecOps and SIEM

Question 25 of 25

Where are Linux system logs found?

/log
/etc/log
/var/log
/dev/log

Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 3: Events and Logs

You’ve finished the quiz with a score of:

Share your score on

Quiz Summary

Q1

Which of the following is NOT an event streaming protocol?

Learn More

pts

Q2

What is the underlying format for the Common Event Format (CEF)

Learn More

pts

Q3

Which of the following best describes "a field that uses statistical techniques to allow machines to learn without being explicitly programmed"?

Learn More

pts

Q4

What is the primary use case for deep learning in security?

Learn More

pts

Q5

What is the term for "machine-driven execution of actions on security tools and IT systems, as part of a response to an incident"?

Learn More

pts

Q6

What is the metric used in SOCs that measures how long compromises, on average, have been present?

Learn More

pts

Q7

What does MDR stand for?

Learn More

pts

Q8

A threat hunter and subject matter expert would be called a?

Learn More

pts

Q9

Which security technology takes user behavior into account when making determinations?

Learn More

pts

Q10

Which analyst coined the term SIEM?

Learn More

pts

Q11

What two new capabilities distinguish Next-Gen SIEM from SIEM? (Choose two)

Learn More

pts

Q12

What are examples of SIEM logging sources?

Learn More

pts

Q13

Allowing for headroom and growth, what percentage over expected events per second (EPS) capacity is recommended by SANS?

Learn More

pts

Q14

Of the following, which has the highest EPS?

Learn More

pts

Q15

Merging events containing different data into a reduced format which contains common event attributes is called?

Learn More

pts

Q16

The process of creating profiles that model standard behavior for users and entities in an IT environment is called?

Learn More

pts

Q17

Which would not be used to describe the analytic techniques used in UEBA?

Learn More

pts

Q18

Which is not a tenet of GDPR?

Learn More

pts

Q19

Which are signs of an insider threat?

Learn More

pts

Q20

Unsupervised machine learning is best suited to understanding whether observed behavior is good or bad.

Learn More

pts

Q21

Implementing a SecOps process where the security team is engaged earlier by engaging with IT operations is referred to as

Learn More

pts

Q22

A Virtual SOC can also be referred to as

Learn More

pts

Q23

Which of the following is NOT an open source tool?

Learn More

pts

Q24

What does MTTD stand for?

Learn More

pts

Q25

Where are Linux system logs found?

Learn More

pts

Prev Evaluating and Selecting SIEM Tools - A Buyer's Guide

CH01

What is SIEM

Components, best practices, and next-gen capabilities

CH02

SIEM Architecture

How SIEMs are built, how they generate insights, and how they are changing

CH03

Events and Logs

SIEM under the hood - the anatomy of security events and system logs

CH04

UEBA

User and Entity Behavioral Analytics detects threats other tools can’t see

CH05

SIEM Use Cases

Beyond alerting and compliance - SIEMs for insider threats, threat hunting and IoT

CH06

SIEM Analytics

From correlation rules and attack signatures to automated detection via machine learning

CH07

Incident Response and Automation

Security Automation and Orchestration (SOAR) - the future of incident response

CH08

The SOC, SecOps and SIEM

A comprehensive guide to the modern SOC - SecOps and next-gen tech

CH09

Evaluating and Selecting SIEM Tools - A Buyer's Guide

Evaluation criteria, build vs. buy, cost considerations and compliance

CH10

SIEM Essentials Quiz

SIEM Essentials Quiz

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.

Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.

Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.