Cyber Threat Week 5 (.docx)

School: Grand Rapids Community College
Course: CYBER SECU
Subject: Information Systems
Date: Jan 9, 2024
Type: docx
Pages: 3
Uploaded by: ConstableWildcatMaster401

Congratulations! You passed!
Grade received: 98.48%. Latest submission grade: 98.48%. To pass: 80% or higher.

Question 1 (1 / 1 point)
True or False. SIEMs can be available on premises and in a cloud environment.
- True
- False
Feedback: Correct!

Question 2 (1 / 1 point)
For a SIEM, what are logs of specific actions such as user logins referred to?
- Actions
- Events
- Logs
- Flows
Feedback: Correct!

Question 3 (1 / 1 point)
Which of these describes the process of data normalization in a SIEM?
- Removes duplicate records from incoming data
- Indexes data records for fast searching and sorting
- Encrypts incoming data
- Compresses incoming
Feedback: Correct!

Question 4 (1 / 1 point)
When a data stream entering a SIEM exceeds the volume it is licensed to handle, what are three (3) ways the excess data is commonly handled, depending upon the terms of the license agreement? (Select 3)
- The data stream is throttled to accept only the amount allowed by the license (selected: Correct, Partially correct!)
- The excess data is stored in a queue until it can be processed (selected: Correct, Partially correct!)
- The excess data is dropped (selected: Correct, Partially correct!)
- The data is processed and the license is automatically bumped up to the next tier.

Question 5 (0.8333333333333334 / 1 point)
Which five (5) event properties must match before the event will be coalesced with other events? (Select 5)
- Username (selected: Correct, Partially correct!)
- Source IP (selected: Correct, Partially correct!)
- Destination Port (selected: Correct, Partially correct!)
- Source Port (selected: This should not be selected. Incorrect. Perhaps you should review the video SIEM Concepts and Benefits)
- Destination IP (selected: Correct, Partially correct!)
- QID (selected: Correct, Partially correct!)

Question 6 (1 / 1 point)
What is the goal of SIEM tuning?
- To automatically resolve as many offenses as possible with automated actions
- To get the SIEM to present all recognized offenses to the investigators
- To increase the speed and efficiency of the data processing so license caps are never exceeded.
- To get the SIEM to sort out all false-positive offenses so only those that need to be investigated are presented to the investigators
Feedback: Correct!

Question 7 (1 / 1 point)
True or False. QRadar event collectors send all raw event data to the central event processor for all data handling such as data normalization and event coalescence.
- True
- False
Feedback: Correct!

Question 8 (1 / 1 point)
The triad of a security operations center (SOC) is people, process and technology. To which part of the triad would containment belong?
- People
- Process
- Technology
- None of the above
Feedback: Correct!
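As an added illustration of the coalescing rule from Question 5 (example code written for this page, not from the course or from QRadar): events whose username, source IP, destination IP, destination port and QID match within a time window are merged into one record with a count, so a burst of failed logins from changing ephemeral source ports collapses into a single coalesced event, while keying on source port as well would wrongly split them apart. The sample events, the QID value and the window length are constructed assumptions.

```python
from dataclasses import dataclass

# The five properties the quiz names; source port is deliberately absent.
COALESCE_KEY = ("username", "src_ip", "dst_ip", "dst_port", "qid")
WINDOW_SECONDS = 10  # assumed coalescing window, not a documented default


@dataclass
class Event:
    ts: float       # seconds since start of capture
    username: str
    src_ip: str
    dst_ip: str
    dst_port: int
    src_port: int   # ephemeral client port, varies per connection
    qid: int        # constructed placeholder event identifier


def coalesce(events, key_fields=COALESCE_KEY, window=WINDOW_SECONDS):
    """Merge events whose key fields match within `window` seconds of the
    first event of an open group. Returns one dict per coalesced group
    carrying the key fields, the first timestamp and the event count."""
    groups = []
    open_groups = {}  # key tuple -> index of the most recent group for it
    for ev in sorted(events, key=lambda e: e.ts):
        key = tuple(getattr(ev, f) for f in key_fields)
        idx = open_groups.get(key)
        if idx is not None and ev.ts - groups[idx]["first_ts"] <= window:
            groups[idx]["count"] += 1          # same key, still in window
        else:
            groups.append({**dict(zip(key_fields, key)),
                           "first_ts": ev.ts, "count": 1})
            open_groups[key] = len(groups) - 1  # start a fresh group
    return groups


# Constructed sample: three SSH login failures from alice in quick
# succession (different source ports), one from bob, then alice again
# well outside the window.
SAMPLE = [
    Event(0.0, "alice", "10.0.0.5", "10.0.0.20", 22, 51000, 9001),
    Event(1.0, "alice", "10.0.0.5", "10.0.0.20", 22, 51001, 9001),
    Event(2.0, "alice", "10.0.0.5", "10.0.0.20", 22, 51002, 9001),
    Event(3.0, "bob",   "10.0.0.6", "10.0.0.20", 22, 51003, 9001),
    Event(30.0, "alice", "10.0.0.5", "10.0.0.20", 22, 51004, 9001),
]

if __name__ == "__main__":
    for g in coalesce(SAMPLE):
        print(f"{g['username']} {g['src_ip']}->{g['dst_ip']}:{g['dst_port']} "
              f"qid={g['qid']} count={g['count']}")
```

Passing `COALESCE_KEY + ("src_port",)` as `key_fields` shows the failure mode: every event lands in its own group and the burst is never summarised.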