7.3.8 Testout Practice Questions; Security +
To optimize the enterprise security information and event management (SIEM) solution, a multinational 's chief information security officer (CISO) is strategizing. The SIEM system acquires data from diverse sources, including Linux and Windows servers, advanced switches, Next Generation Firewalls (NGFWs), and routers. Which feature should the CISO prioritize improving in the SIEM solution to standardize the data and enhance its searchability?
Augmenting the log correlation mechanism in the SIEM solution.
Which SIEM component is responsible for gathering all event logs from configured devices and securely sending them to the SIEM system?
Collectors
A manufacturing company's security manager plans to implement corrective operational controls to mitigate potential security threats. Which of the following instances would be the appropriate control?
Enabling continuous monitoring to disable abnormal accounts.
Which of the following DLP implementations can be used to monitor and control access to physical devices on workstations or servers?
Endpoint DLP
A security operations analyst at a financial institution analyzes an incident involving unauthorized transactions. The analyst suspects that a malware infection on one of the endpoints might have led to the unauthorized access. To identify the root cause and trace the activities of the suspected malware, which combination of data sources should the analyst primarily consider?
Endpoint logs, log files generated by the OS components of the affected host computer, and logs from the host-based intrusion detection system.
Which of the following security orchestration, automation, and response (SOAR) system automation components is often used to document the processes and procedures that are to be used by a human during a manual intervention?
Playbook
Which of the following systems is able to respond to low-level security events without human assistance?
SOAR
After experiencing a catastrophic server failure in the headquarters building, what can the company use to monitor notable events such as port failure, chassis overheating, power failure, or excessive central processing unit (CPU) utilization?
Simple network management protocol (SNMP) trap.
Listen to exam instructions A network administrator at a large tech company has the task of enhancing the visibility into network traffic patterns in a distributed enterprise network. The administrator wants to implement a solution that captures metadata and statistics about network traffic without recording each frame, with the goal of improving the company's security measures. Which tool should the administrator consider implementing?
A NetFlow collector
A security analyst is optimizing a multinational company's security information and event management (SIEM) system. The system collects security event data from sources globally, and the analyst has noticed inconsistencies due to different time zones. What should the analyst consider to ensure a consistent timeline across all logs for accurate event correlation?
Adjusting the log aggregation process in the SIEM system to normalize date/time zone differences.
