PBQ (SIEM) Flashcards

(9 cards)

1
Q

Virus Signature alert on a desktop for a file named setup.exe

A

Antimalware
Antimalware software generates an alert when it detects a virus signature on a host system

2
Q

Various nmap actions detected across multiple subnets

A

NIDS/NIPS
NIDS/NIPS generate alerts after detecting an automated port scan

3
Q

An entry in the Windows Event Viewer indicates a log-on with new credentials that were assigned special privileges

A

System Logs
System Logs refer to entries in the Windows Event Log that a sysadmin can leverage to obtain information about the operating system and various applications

4
Q

Employee testimony indicates that they may have witnessed a breach in progress

A

Internal Personnel
Employees can provide feedback on breach timelines with information about anything they may have seen or witnessed that was out of the ordinary

5
Q

Increased traffic across the network points to an attempted denial of service (DoS) attack

A

Network Flow Analyzers
Network analyzers provide high-level visibility into the volumes of traffic and protocols in use in the environment

6
Q

Cryptographic hash of an important file no longer matches its known, accepted value

A

HIDS/HIPS
HIDS/HIPS can analyze hash information of sensitive files to ensure file integrity. When a file is modified, the hash changes. This triggers an alert from HIDS/HIPS

7
Q

An entry in the firewall log indicates a dropped connection intended for a blocked port

A

Network Device Logs
Various network devices or appliances have multiple logs and reports that can alert on any actions taken inside the network

8
Q

Third-party research indicates a new threat that could be targeting your organization

A

CTI
Cyber threat intelligence (CTI) is an area of cybersecurity that focuses on collecting and analyzing information about current and potential attacks that threaten an organization or the safety of its assets

9
Q

What process aggregates and analyzes this data to investigate security incidents?

A

SIEM
A Security Information and Event Management (SIEM) tool collects and analyzes log data and provides a single viewpoint for logs collected from many sources
