SIEM Quiz - Exabeam

CH01

What is SIEM

Components, best practices, and next-gen capabilities

CH02

SIEM Architecture

How SIEMs are built, how they generate insights, and how they are changing

CH03

Events and Logs

SIEM under the hood - the anatomy of security events and system logs

CH04

UEBA

User and Entity Behavioral Analytics detects threats other tools can’t see

CH05

SIEM Use Cases

Beyond alerting and compliance - SIEMs for insider threats, threat hunting and IoT

CH06

SIEM Analytics

From correlation rules and attack signatures to automated detection via machine learning

CH07

Incident Response and Automation

Security Automation and Orchestration (SOAR) - the future of incident response

CH08

The SOC, SecOps and SIEM

A comprehensive guide to the modern SOC - SecOps and next-gen tech

CH09

Evaluating and Selecting SIEM Tools - A Buyer's Guide

Evaluation criteria, build vs. buy, cost considerations and compliance

CH10

1.844.EXABEAM

SIEM Essentials Quiz

Which of the following is NOT an event streaming protocol?

What is the underlying format for the Common Event Format (CEF)

Which of the following best describes "a field that uses statistical techniques to allow machines to learn without being explicitly programmed"?

What is the primary use case for deep learning in security?

What is the term for "machine-driven execution of actions on security tools and IT systems, as part of a response to an incident"?

What is the metric used in SOCs that measures how long compromises, on average, have been present?

What does MDR stand for?

A threat hunter and subject matter expert would be called a?

Which security technology takes user behavior into account when making determinations?

Which analyst coined the term SIEM?

What two new capabilities distinguish Next-Gen SIEM from SIEM? (Choose two)

What are examples of SIEM logging sources?

Allowing for headroom and growth, what percentage over expected events per second (EPS) capacity is recommended by SANS?

Of the following, which has the highest EPS?

Merging events containing different data into a reduced format which contains common event attributes is called?

The process of creating profiles that model standard behavior for users and entities in an IT environment is called?

Which would not be used to describe the analytic techniques used in UEBA?

Which is not a tenet of GDPR?

Which are signs of an insider threat?

Unsupervised machine learning is best suited to understanding whether observed behavior is good or bad.

Implementing a SecOps process where the security team is engaged earlier by engaging with IT operations is referred to as

A Virtual SOC can also be referred to as

Which of the following is NOT an open source tool?

What does MTTD stand for?

Where are Linux system logs found?

You’ve finished the quiz with a score of:

Quiz Summary