Security Monitoring Terms & Definitions - Module 07 Study Set


Last updated 3:05 AM on 5/1/26

20 Terms

1

Which data correlation analysis is designed for detecting statistical variations and identifying events that are a significant deviation from a baseline?

a. Threat analysis

b. Deviation analysis

c. Data analysis

d. Anomaly analysis

Anomaly analysis

2

Which data correlation analysis examines if a network device is properly functioning to provide resources to users?

a. Network analysis

b. Availability analysis

c. Uptime analysis

d. SIEM analysis

Availability analysis

3

Which data correlation analysis uses normal processes and actions as the standard?

a. Process analysis

b. User/network analysis

c. Behavioral analysis

d. Log analysis

Behavioral analysis

4

Which data correlation analysis is founded on experience-based techniques and attempts to determine if an action will do something harmful if it is allowed to execute?

a. Heuristic analysis

b. Baseline analysis

c. Experiential analysis

d. Experimental analysis

Heuristic analysis

5

Which data correlation analysis looks for a change or development over time to uncover a pattern?

a. Time series analysis

b. Trend analysis

c. Pattern analysis

d. Change analysis

Trend analysis

6

Binnington was asked to recommend an analysis method to determine if an attack has successfully penetrated the network. He decided upon an analysis that only looked at the header information of captured packets. What analysis method did he select?

a. Topology analysis

b. Anomaly analysis

c. Packet analysis

d. Protocol analysis

Protocol analysis

7

Jade has been reviewing why three recent attacks were able to bypass the IDS. He has discovered that these attacks were previously unknown attacks (zero-day attacks). What type of analysis was the IDS performing?

a. Anomaly analysis

b. Signature analysis

c. Trend analysis

d. Behavioral analysis

Signature analysis

8

Aoibheann suspects that there may be infected devices on the network that are sending regular beacons to a threat actor's command and control (C&C) server. Which type of analysis would she use to determine if this is true?

a. Traffic analysis

b. Port analysis

c. Packet analysis

d. Probe analysis

Packet analysis

9

Khawla has been asked to install a packet analysis tool on a Linux Web server. Because this server runs only what is strictly necessary, in order to reduce the footprint that a threat actor could exploit, all applications on the server are command-line applications and there is no graphical user interface (GUI). Which tool would Khawla install?

a. Ethereal

b. Tcpdump

c. Network General

d. Sniffer

Tcpdump

10

Zuhal needs to install a packet analyzer that allows her to easily look at the contents of each packet. She wants a tool that is open source and has many advanced features, including in-depth filtering. Which tool should Zuhal install?

a. Wireshark

b. NetworkPlumber

c. NetDump

d. GrepFinder

Wireshark

11

Feivish has been asked to recommend a new network hardware device. This device needs to support a universal standard for system messages. What standard should the new device support?

a. NMAP

b. Syslog

c. NetFlow

d. ALLAD

Syslog

12

The CISO wants a single tool to consolidate real-time monitoring of security information and has asked Zelig to make a recommendation. What tool is he likely to recommend?

a. SIEM

b. Netflow analyzer

c. Packet tracer

d. Resource monitor

SIEM

13

Uri needs to analyze a Microsoft Windows firewall log to determine if the firewall processed a request but did not record it in the log. Which field would Uri look at?

a. Event

b. Action

c. INFO-EVENTS-LOST

d. Task

Action

14

What is deep packet inspection?

a. A network traffic analysis for security that extracts metadata from the network packets and then converts it into a readable format

b. The ability of Wireshark to drill down into the payload of a data packet

c. An analysis by DUMP-TCP on a Linux computer

d. A NetFlow analysis on a packet

A network traffic analysis for security that extracts metadata from the network packets and then converts it into a readable format.

15

Which of the following would be used to identify a DHCP issue?

a. Packet analysis

b. Protocol analysis

c. Traffic analysis

d. Wireless analysis

Packet analysis

16

Which tool would a threat actor use in malware to generate random dynamic URLs?

a. UIFE

b. DGA

c. SPIN

d. TCTA

DGA

17

Which of the following is NOT correct about an email header?

a. As email is transferred from MTA to MTA, information is added to the email header.

b. Email headers are encrypted to prevent someone from altering the contents.

c. The email header contains information about the sender, recipient, email's route through MTAs, and various authentication details.

d. Each MTA along the path adds its own information to the top of the email header.

Email headers are encrypted to prevent someone from altering the contents.

18

Which of the following is NOT correct about forwarding emails?

a. Corporations can be fined for allowing employees to forward emails.

b. Employees may "auto-forward" corporate emails to utilize enhanced spam filtering.

c. Forwarded emails may not be available for eDiscovery.

d. Unauthorized users could access forwarded emails.

Corporations can be fined for allowing employees to forward emails.

19

Which of the following email defenses uses a digital signature?

a. SPC

b. DKIM

c. XMARC

d. It depends on whether or not the email payload has been encrypted.

DKIM

20

Which of the following is a Microsoft Windows service that logs service records from various sources and stores them in a single collection?

a. Syslog

b. Event log

c. Win-Log

d. MS Log

Event log