Sound the Alarm: Detection and Response Weekly challenge 4 Quiz Answers

In this article I am going to share the Coursera course Sound the Alarm: Detection and Response Weekly challenge 4 Quiz Answers with you.



Question 1)
Which software collects and sends logs to a security information and event management (SIEM) tool?
  • Intrusion detection system (IDS)
  • Network protocol analyzer
  • Forwarder
  • Firewall
Question 2)
Examine the following log:
LoginEvent[2021/10/13 10:32:08.958711] auth_session_authenticator.cc:304 Regular user login 1
Which type of log is this?
  • Network
  • Location
  • Authentication
  • Application
Question 3)
Examine the following log:
{
"name": "System test",
"host": "167.155.183.139",
"id": 11111,
"Message": [error] test,
}
Which log format is this log entry in?
  • CSV
  • XML
  • JSON
  • Syslog
Question 4)
What is the difference between a network-based intrusion detection system (NIDS) and a host-based intrusion detection system (HIDS)?
  • A NIDS logs and generates alerts. A HIDS system monitors endpoint activity.
  • A NIDS collects and monitors network traffic and network data. A HIDS monitors the activity of the host on which it is installed.
  • Both NIDS and HIDS monitor systems and generate alerts, but a NIDS uses agents.
  • A NIDS monitors the activity of the host on which it is installed. A HIDS uses signature analysis to analyze network activity.
Question 5)
Which rule option is used to indicate the number of times a signature is updated?
  • tcp
  • sid
  • rev
  • msg
Question 6)
Examine this Suricata signature:
alert http 167.215.72.95 any -> 156.150.71.141 80 (msg:"GET on wire"; flow:established,to_server; content:"GET"; sid:12345; rev:2;)
What is the destination port?
  • 80
  • 141
  • 12345
  • 2
Question 7)
Fill in the blank: Suricata uses the _____ format for event and alert output.
  • EVE JSON
  • HTML
  • CEF
  • HTTP
Question 8)
Which querying language does Splunk use?
  • SIEM Processing Language
  • Structured Querying Language
  • Search Processing Language
  • Structured Processing Language
Question 9)
Which Unified Data Model (UDM) field search specifies a security action?
  • action
  • security_result.action
  • metadata.event_type
  • block
Question 10)
Which step in the SIEM process involves the processing of raw data into a standardized and structured format?
  • Index
  • Normalize
  • Collect
  • Process

 

Question 11)
What details do logs contain? Select all that apply.

  • Date
  • Location
  • Forwarder
  • Time

Question 12)
Examine the following log:
[2022/12/21 17:46:35.232748] NOTIFY: NetworkPropertiesUpdated: wifi_psk_13
Which type of log is this?

  • Application
  • Location
  • Authentication
  • Network

Question 13)
Fill in the blank: A syslog entry contains a header, _____, and a message.

  • eXtensible Markup Language
  • structured-data
  • object
  • tag

Question 14)
Fill in the blank: _____ analysis is a detection method used to find events of interest using patterns.

  • Signature
  • Network
  • Endpoint
  • Host

Question 15)
Which symbol is used to indicate a comment and is ignored in a Suricata signature file?

  • >
  • #
  • :
  • $

Question 16)
What is the difference between network telemetry and network alert logs?

  • Network telemetry is the output of a signature; network alert logs contain details about malicious activity.
  • Both provide information that is relevant for security analysts, but network alert logs contain network connection details.
  • Network telemetry contains information about network traffic flows; network alert logs are the output of a signature.
  • Network telemetry is output in EVE JSON format; network alert logs are output in HTML.

Question 17)
What is the method to search for normalized data in Chronicle?

  • YARA-L
  • Unified
  • UDM search
  • Raw log search

Question 18)
What is the difference between a log and log analysis?

  • A log is a record of events that occur within an organization’s systems. Log analysis is the process of examining logs to identify events of interest.
  • A log records details in log files. Log analysis involves a high-level overview of all events that happen on the network.
  • A log and log analysis both contain details of events, but they record details from different sources.
  • A log contains log file details. Log analysis involves the collection and storage of logs.

Question 19)
Examine the following log:

<111>1 2020-04-12T23:20:50.52Z my.machine.com evntslog - ID01 [user@98274 iut="2" eventSource="Mobile" eventID="24"][Priority@98274 class="low"] Computer A

What field value indicates the type of device that this event originated from?

  • low
  • my.machine.com
  • Computer A
  • Mobile

Question 20)
What are examples of common rule actions that can be found in a signature? Select three answers.

  • Reject
  • Pass
  • Flow
  • Alert

Question 21)
Fill in the blank: SIEM tools _____ raw data so that it is formatted consistently.

  • normalize
  • ingest
  • collect

Question 22)
Which type of Splunk query searches through unstructured log records?

  • Reference search
  • UDM search
  • Raw log search
  • Index search

Question 23)
What information is included in a signature’s header? Select all that apply.

  • Action
  • Port number
  • Protocol
  • IP address

Question 24)
Which rule option is used to match based on the direction of network traffic?

  • message
  • flow
  • content
  • sid

Question 25)
Which type of log data does Suricata generate? Select all that apply.

  • Network telemetry
  • Protocol
  • Signature
  • Alert

Question 26)
Fill in the blank: The asterisk symbol is also known as a(n) _____.

  • label
  • wildcard
  • option
  • Boolean operator

Question 27)
What are the steps in the SIEM process for data collection? Select three answers.

  • Unify
  • Index
  • Normalize
  • Collect

Question 28)
Fill in the blank: Chronicle uses ______ to define detection rules.

  • SQL
  • YARA-L
  • SPL
  • UDM

Question 29)
Consider the following scenario:

A security analyst at a midsized company is tasked with installing and configuring a host-based intrusion detection system (HIDS) on a laptop. The security analyst installs the HIDS and wants to test whether it is working properly by simulating malicious activity. The security analyst runs unauthorized programs on the laptop, which the HIDS successfully detects and alerts on.

What is the laptop an example of?

  • An agent
  • An endpoint
  • A log forwarder
  • A signature

Question 30)
Which of the following refers to a record of events that occur within an organization’s systems?

  • Log sources
  • Logs
  • Log forwarder
  • Occurrences