CH01
What is SIEM
Components, best practices, and next-gen capabilities
Read More
- Why Exabeam
Customers
Interact Software
Helping Interact Software Simplify Case Management While Increasing Visibility and Efficiency
Read More- Solutions
Featured Solution Brief
- Products
Featured Data Sheet
Exabeam Threat Detection Investigation and Response (TDIR) Use Case Packages
Exabeam TDIR Use Case Packages provide prescriptive, end-to-end workflows and prepackaged content that enable organizations to easily automate detection, investigation and response to compromised insiders, malicious insiders and external threats. Pre-packaged detection logic and investigation and response tools configured for each threat-centric use case are ready to deploy day one. With TDIR Use Case Packages, organizations can increase operational efficiency, accelerate time to value, and improve their security posture over time.
Read More- Blog
Featured Blog Post
- Resources
Featured Resource
- Customers
- Partners
- Why Exabeam
Customers
Interact Software
Helping Interact Software Simplify Case Management While Increasing Visibility and Efficiency
Read More- Solutions
Featured Solution Brief
- Products
Featured Data Sheet
Exabeam Threat Detection Investigation and Response (TDIR) Use Case Packages
Exabeam TDIR Use Case Packages provide prescriptive, end-to-end workflows and prepackaged content that enable organizations to easily automate detection, investigation and response to compromised insiders, malicious insiders and external threats. Pre-packaged detection logic and investigation and response tools configured for each threat-centric use case are ready to deploy day one. With TDIR Use Case Packages, organizations can increase operational efficiency, accelerate time to value, and improve their security posture over time.
Read More- Blog
Featured Blog Post
- Resources
Featured Resource
- Partners
SIEM Essentials Quiz
Are you ready to show off your SIEM knowledge? These 25 essential questions will test just how well you know network security.
Question 1 of 25
Which of the following is NOT an event streaming protocol?
- IPFIX
- SNMP
- Netflow
- STIX
Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 2: SIEM Architecture
Question 2 of 25
What is the underlying format for the Common Event Format (CEF)
- JSON
- XML
- Syslog
- CSV
Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 3: Events and Logs
Question 3 of 25
Which of the following best describes "a field that uses statistical techniques to allow machines to learn without being explicitly programmed"?
- Artificial Intelligence
- Machine Learning
- Data Science
- Advanced Analytics
Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 6: SIEM Analytics
Question 4 of 25
What is the primary use case for deep learning in security?
- Lateral movement detection
- Session stitching
- Packet inspection
- Supervised learning
Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 6: SIEM Analytics
Question 5 of 25
What is the term for "machine-driven execution of actions on security tools and IT systems, as part of a response to an incident"?
- Orchestration
- Automation
- Collaboration
- Response
Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 7: Incident Response and Automation
Question 6 of 25
What is the metric used in SOCs that measures how long compromises, on average, have been present?
- MTTR
- MITRE
- MTTD
- Ticket Count
Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 7: Incident Response and Automation
Question 7 of 25
What does MDR stand for?
- Meantime Detection and Response
- Multiple Detection and Response
- Managed Detection and Response
- Merged Detection and Response
Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 8: The SOC, SecOps and SIEM
Question 8 of 25
A threat hunter and subject matter expert would be called a?
- Tier 1 analyst
- Tier 2 analyst
- Tier 3 analyst
- Security engineer
Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 8: The SOC, SecOps and SIEM
Question 9 of 25
Which security technology takes user behavior into account when making determinations?
- SOAR
- TAXII
- UEBA
- CEF
Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 9: SIEM Buyer's Guide
Question 10 of 25
Which analyst coined the term SIEM?
- Forrester
- Gartner
- IDC
- None of the above
Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 1: What is SIEM?
Question 11 of 25
What two new capabilities distinguish Next-Gen SIEM from SIEM? (Choose two)
- CASB
- SOAR
- UEBA
- IDS
Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 1: What is SIEM?
Question 12 of 25
What are examples of SIEM logging sources?
- Security events
- Network logs
- Applications and devices
- All of the above
Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 2: SIEM Architecture
Question 13 of 25
Allowing for headroom and growth, what percentage over expected events per second (EPS) capacity is recommended by SANS?
- 10%
- 15%
- 20%
- 25%
Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 2: SIEM Architecture
Question 14 of 25
Of the following, which has the highest EPS?
- Cisco routers
- Windows DNS servers
- Windows Domain Controllers
- Microsoft Exchange Servers
Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 2: SIEM Architecture
Question 15 of 25
Merging events containing different data into a reduced format which contains common event attributes is called?
- Categorization
- Normalization
- Parsing
- Indexing
Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 3: Events and Logs
Question 16 of 25
The process of creating profiles that model standard behavior for users and entities in an IT environment is called?
- Indexing
- Machine learning
- Baselining
- Monitoring
Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 4: UEBA
Question 17 of 25
Which would not be used to describe the analytic techniques used in UEBA?
- Heuristic
- Probabilistic
- Deterministic
- Risk-based
Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 4: UEBA
Question 18 of 25
Which is not a tenet of GDPR?
- Data protection by design
- Breach notification
- Perimeter security
- Record of data processing
Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 5: SIEM Use Cases
Question 19 of 25
Which are signs of an insider threat?
- Rapid encryption
- Privilege escalation
- Lateral movement
- All of the above
Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 5: SIEM Use Cases
Question 20 of 25
Unsupervised machine learning is best suited to understanding whether observed behavior is good or bad.
- True
- False
Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 6: SIEM Analytics
Question 21 of 25
Implementing a SecOps process where the security team is engaged earlier by engaging with IT operations is referred to as
- UEBA
- Shifting left
- DevOps
- None of the above
Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 8: The SOC, SecOps and SIEM
Question 22 of 25
A Virtual SOC can also be referred to as
- EDR
- MSSP
- Fusion SOC
- Multifunctional SOC
Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 8: The SOC, SecOps and SIEM
Question 23 of 25
Which of the following is NOT an open source tool?
- OSSIM
- OSSEC
- Apache Metron
- Arcsight
Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 9: SIEM Buyer’s Guide
Question 24 of 25
What does MTTD stand for?
- Mean Time to Diagnose
- Mean Time to Distinguish
- Mean Time to Detect
- Mean Time to Delete
Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 8: The SOC, SecOps and SIEM
Question 25 of 25
Where are Linux system logs found?
- /log
- /etc/log
- /var/log
- /dev/log
Congratulations, your answer is correct. Unfortunately, this answer is wrong. To learn more check: Chapter 3: Events and Logs
You’ve finished the quiz with a score of:
Quiz Summary
Q3
Which of the following best describes "a field that uses statistical techniques to allow machines to learn without being explicitly programmed"?
Learn MoreptsQ5
What is the term for "machine-driven execution of actions on security tools and IT systems, as part of a response to an incident"?
Learn MoreptsQ6
What is the metric used in SOCs that measures how long compromises, on average, have been present?
Learn MoreptsQ9
Which security technology takes user behavior into account when making determinations?
Learn MoreptsQ13
Allowing for headroom and growth, what percentage over expected events per second (EPS) capacity is recommended by SANS?
Learn MoreptsQ15
Merging events containing different data into a reduced format which contains common event attributes is called?
Learn MoreptsQ16
The process of creating profiles that model standard behavior for users and entities in an IT environment is called?
Learn MoreptsQ20
Unsupervised machine learning is best suited to understanding whether observed behavior is good or bad.
Learn MoreptsQ21
Implementing a SecOps process where the security team is engaged earlier by engaging with IT operations is referred to as
Learn MoreptsCH02
SIEM Architecture
How SIEMs are built, how they generate insights, and how they are changing
Read MoreCH03
Events and Logs
SIEM under the hood - the anatomy of security events and system logs
Read MoreCH04
UEBA
User and Entity Behavioral Analytics detects threats other tools can’t see
Read MoreCH05
SIEM Use Cases
Beyond alerting and compliance - SIEMs for insider threats, threat hunting and IoT
Read MoreCH06
SIEM Analytics
From correlation rules and attack signatures to automated detection via machine learning
Read MoreCH07
Incident Response and Automation
Security Automation and Orchestration (SOAR) - the future of incident response
Read MoreCH08
The SOC, SecOps and SIEM
A comprehensive guide to the modern SOC - SecOps and next-gen tech
Read MoreCH09
Evaluating and Selecting SIEM Tools - A Buyer's Guide
Evaluation criteria, build vs. buy, cost considerations and compliance
Read MoreCH10
SIEM Essentials Quiz
SIEM Essentials Quiz
Read More - Solutions
- Solutions