Manage Security Risks: Quiz 6

A log is a record of ev_________ that occur within an organization's systems and networks. Security analysts access a variety of logs from different sources. Three common log sources include fir_________logs, net_________ logs, and ser_________ logs.

A firewall log is a record of attempted or established con________ for incoming traffic from the internet. It also includes outbound requests to the internet from within the network.

A network log is a record of all computers and devices that ent________ and leave the net________. It also records con________ between devices and services on the network.

A server log is a record of events related to services such as websites, emails, or file shares. It includes actions such as login, password, and username requests.

SIEM, tool is an application that collects and analyzes log data to monitor critical activities in an organization. It provides re_____-ti_____ visibility, event monitoring and analysis, and auto_____ alerts. It also stores all log data in a centralized location.

Because SIEM tools index and minimize the number of logs a security professional must manually review and analyze, they increase efficiency and save time.

But, SIEM tools must be configured and customized to meet each organization's unique security needs. As new threats and vulnerabilities emerge, organizations must continually customize their SIEM tools to ensure that threats are detected and quickly addressed.

SIEM tools can also be used to create dashboards. SIEM dashboards also provide stakeholders with different met________. met________ are key technical attributes such as response time, availability, and failure rate, which are used to assess the performance of a software application.

Splunk Enterprise, Splunk Cloud, and Chronicle are common

???? tools that many organizations use to help protect their data and systems.

spl_____ is a data analysis platform and spl_____ Enterprise provides SIEM solutions.

spl_____ Enterprise is a self-hosted tool used to retain, analyze, and search an

organization's log data to provide security information and alerts in real-time.

spl_____ Cloud is a cloud-hosted tool used to collect, search, and monitor log data.

spl_____ Cloud is helpful for organizations running hybrid or cloud-only environments,

where some or all of the organization's services are in the cloud.

chro_________ is a cloud-native tool designed to retain, analyze, and search data. chro_________ provides log monitoring, data analysis, and data collection. Like cloud-hosted tools, cloud-native tools are also fully maintained and managed by the vendor. But cloud-native tools are specifically designed to take full advantage of cloud computing capabilities such as availability, flexibility, and scalability.