Analyzing your SIEM Flashcards

(20 cards)

1
Q

The process of reviewing SIEM alerts to determine their severity and legitimacy.

A

Alert triage

2
Q

Logs, events, and alerts used to reconstruct a timeline of attacker activity.

A

Security event reconstruction

2
Q

The process of identifying relationships between alerts across multiple systems.

A

Cross-log correlation

2
Q

A SIEM feature that displays real-time dashboards of security trends and alerts.

A

Visual analytics interface

2
Q

A step-by-step method to confirm whether an alert represents a true incident.

A

Alert validation

3
Q

A SIEM insight where the same hash is seen across multiple hosts in a short period.

A

Lateral movement indicator

3
Q

Evidence in SIEM showing repeated attempts to access unauthorized resources.

A

Access violation pattern

3
Q

A method of grouping multiple related alerts into a single incident for investigation.

A

Alert aggregation

4
Q

SIEM alert showing an application making outbound connections to a rare external IP.

A

Potential C2 communication

4
Q

SIEM alert showing an unusual number of login attempts in a short time frame.

A

Brute-force login indicator

4
Q

A low-severity alert repeated over time that may indicate a stealthy attack.

A

Alert frequency anomaly

4
Q

An alert triggered by activity during non-working hours from a privileged account.

A

Suspicious user behavior

5
Q

An incident where exfiltrated data volume exceeds baseline values.

A

Data leakage detection

6
Q

The investigation of failed authentications followed by a successful login.

A

Possible compromised credentials

7
Q

SIEM log entries showing the same user logging in from two countries within minutes.

A

Impossible travel anomaly

8
Q

Alert involving registry modification, script execution, and outbound traffic from the same endpoint.

A

Multi-stage attack correlation

9
Q

The SIEM function that assigns a risk score to assets or alerts based on context.

A

Risk-based alerting

10
Q

Investigating a sudden spike in alerts from a single IP address.

A

Source-focused investigation

11
Q

The use of threat intelligence feeds in SIEM to enrich log analysis.

A

Contextual enrichment

12
Q

A known-good activity flagged incorrectly due to overly sensitive detection rules.

A

False positive