What are parsing and data normalization all about?
12. Open Ended
30 seconds
1 pt
Metadata
13. Open Ended
30 seconds
1 pt
What are three types of Metadata?
14. Open Ended
30 seconds
1 pt
Give some examples of Contextual Metadata:
15. Open Ended
30 seconds
1 pt
Give some examples of Quantitative Metadata:
16. Open Ended
30 seconds
1 pt
Give some examples of Derived Metadata:
17. Open Ended
30 seconds
1 pt
Every log message is assigned a classification and common event based on the metadata extracted. What are the three classifications?
18. Open Ended
30 seconds
1 pt
Common Events
19. Open Ended
30 seconds
1 pt
Give an example of the sequence of description for the three Classification types down to the Common Event.
20. Open Ended
30 seconds
1 pt
What is parsing?
21. Open Ended
30 seconds
1 pt
What are 4 types of normalization a SIEM can perform?
22. Open Ended
30 seconds
1 pt
A SIEM adds context to logs through what?
23. Open Ended
30 seconds
1 pt
Event correlation
24. Open Ended
30 seconds
1 pt
What is an event?
25. Open Ended
30 seconds
1 pt
What is the function of the System Monitor?
26. Open Ended
30 seconds
1 pt
What is the function of the Data Processor?
27. Open Ended
30 seconds
1 pt
What is the function of the Advanced Intelligence Engine (AI Engine)?
28. Open Ended
30 seconds
1 pt
What is an alert?
29. Open Ended
30 seconds
1 pt
Give 4 examples of common alerts:
30. Open Ended
30 seconds
1 pt
What is a report?
31. Open Ended
30 seconds
1 pt
Give two reasons for the creation of a report.
32. Open Ended
30 seconds
1 pt
For what does forensically sound data allow?
33. Open Ended
30 seconds
1 pt
Name 4 forensically sound SIEM data storage principles:
34. Open Ended
30 seconds
1 pt
What are "alerts" referred to in LogRhythm?
35. Open Ended
30 seconds
1 pt
Name two types of SIEM responses.
36. Open Ended
30 seconds
1 pt
What are the LogRhythm SIEM detection tools?
37. Open Ended
30 seconds
1 pt
What are the LogRhythm SIEM analysis tools?
38. Open Ended
30 seconds
1 pt
What is the LogRhythm SIEM response tool?
39. Open Ended
30 seconds
1 pt
CISO (chief information security officer)
40. Open Ended
30 seconds
1 pt
Security Architect
41. Open Ended
30 seconds
1 pt
SOC Manager
42. Open Ended
30 seconds
1 pt
Function of Network Monitors
43. Open Ended
30 seconds
1 pt
Function of the Platform Manager
44. Open Ended
30 seconds
1 pt
What is the Client Console?
45. Open Ended
30 seconds
1 pt
What is the function of lists?
46. Open Ended
30 seconds
1 pt
What is Threat Lifecycle Management workflow and its purpose?
47. Open Ended
30 seconds
1 pt
What are the 6 stages of detection and response?
48. Open Ended
30 seconds
1 pt
What is the purpose of cases?
49. Open Ended
30 seconds
1 pt
Name 9 duties an Administrator performs.
50. Open Ended
30 seconds
1 pt
Name 6 duties of an Analyst role.
51. Open Ended
30 seconds
1 pt
Name 2 critical skills that a LogRhythm Enterprise Administrator ideally possesses.
52. Open Ended
30 seconds
1 pt
Name 2 critical skills that a LogRhythm Analyst should ideally possess.
53. Open Ended
30 seconds
1 pt
What mechanisms in LogRhythm are considered Data Collectors?
54. Open Ended
30 seconds
1 pt
Name the primary responsibility of the Administrator.
55. Open Ended
30 seconds
1 pt
What is considered a concerted effort between Enterprise LogRhythm, Analysts, and Administrators?
56. Open Ended
30 seconds
1 pt
What can analysts use to track an investigation and the eventual resolution of an incident?
57. Open Ended
30 seconds
1 pt
What is Machine Data Intelligence?
58. Open Ended
30 seconds
1 pt
What is Precision Search?
59. Open Ended
30 seconds
1 pt
Holistic Threat Detection
60. Open Ended
30 seconds
1 pt
Risk Based Monitoring
61. Open Ended
30 seconds
1 pt
How are SAO or Security Automation and Orchestration capabilities delivered?
62. Open Ended
30 seconds
1 pt
Give 6 CloudAI capabilities.
63. Open Ended
30 seconds
1 pt
What does the LogRhythm Unified Platform for Threat Lifecycle Management include?
64. Open Ended
30 seconds
1 pt
Purpose of the SIEM
65. Open Ended
30 seconds
1 pt
What are some customer benefits of using a SIEM?
66. Open Ended
30 seconds
1 pt
Function of User & Entity Behavior Analytics
67. Open Ended
30 seconds
1 pt
True or False: A single virtual data collector is capable of collecting and transmitting up to 10,000 messages per second from thousands of devices and cloud services.
68. Open Ended
30 seconds
1 pt
What are some of the regulatory frameworks with which LogRhythm helps a user stay compliant?
69. Open Ended
30 seconds
1 pt
In which phase of the Threat Lifecycle Management or TLM does Holistic Threat Detection take place?
70. Open Ended
30 seconds
1 pt
How does a LogRhythm File Integrity Monitoring solution enhance a security operations center?
71. Open Ended
30 seconds
1 pt
What is the most vulnerable aspect of the Security Landscape?
72. Open Ended
30 seconds
1 pt
Web Console: Dashboards allow what functionality?
73. Open Ended
30 seconds
1 pt
Web Console: The Alarms page allows what functionality?
74. Open Ended
30 seconds
1 pt
Web Console: What is the functionality of Cases?
75. Open Ended
30 seconds
1 pt
Web Console: What is the functionality of Widgets?
76. Open Ended
30 seconds
1 pt
What are widgets?
77. Open Ended
30 seconds
1 pt
Web Console: What may need to be adjusted if you notice too many logs are being forwarded as events and causing unnecessary noise in your dashboard?
78. Open Ended
30 seconds
1 pt
Web Console: What's the Rate Chart?
79. Open Ended
30 seconds
1 pt
Web Console: Data Processing Trend does what?
80. Open Ended
30 seconds
1 pt
Web Console: Topics Charts?
81. Open Ended
30 seconds
1 pt
Web Console: Threat Activity Map?
82. Open Ended
30 seconds
1 pt
Web Console: Name three functions of the Analyzer Grid.
83. Open Ended
30 seconds
1 pt
Web Console: How do you open the Analyzer Grid?
84. Open Ended
30 seconds
1 pt
What does each row in the Analyzer Grid represent?
85. Open Ended
30 seconds
1 pt
What does each column in the Analyzer Grid represent?
86. Open Ended
30 seconds
1 pt
The Analyzer Grid allows for review and analysis of what two types of information?
87. Open Ended
30 seconds
1 pt
What is an Incident Timeline and its function?
88. Open Ended
30 seconds
1 pt
What does the Tail feature in the Web Console provide?
89. Open Ended
30 seconds
1 pt
Web Console: What does it mean to search with Lucene?
90. Open Ended
30 seconds
1 pt
By default how long is a report viewable in the Web Console?
91. Open Ended
30 seconds
1 pt
Where can an Administrator create a report?
92. Open Ended
30 seconds
1 pt
What are the only types of reports that can be run as a search?
93. Open Ended
30 seconds
1 pt
True or False: Audit and Compliance reports can be run as a search.
94. Open Ended
30 seconds
1 pt
By whom and where can SmartResponses be configured?
95. Open Ended
30 seconds
1 pt
Where can Playbooks be viewed, imported, and created?
96. Open Ended
30 seconds
1 pt
What are some questions for an analyst to answer with documentation?
97. Open Ended
30 seconds
1 pt
What are the 5 Documentation Metrics?
98. Open Ended
30 seconds
1 pt
Each metric measures the time it takes to move from one Threat Milestone to another. What are the 5 Threat Milestones?
99. Open Ended
30 seconds
1 pt
True or False: Some widgets are only available on certain pages, and for certain users.
100. Open Ended
30 seconds
1 pt
How does LogRhythm's CloudAI function?
101. Open Ended
30 seconds
1 pt
True or False: Learned and static whitelists and blacklists are established to create rules that trigger or corroborate alarms.
102. Open Ended
30 seconds
1 pt
Name multiple sources from which collected user data can come.
103. Open Ended
30 seconds
1 pt
Identify a market differentiator of the LogRhythm UEBA solution.
104. Open Ended
30 seconds
1 pt
True or False: The primary objective for security analytics solutions is to improve the ability to detect, contain, and remediate advanced attacks and insider threats.
105. Open Ended
30 seconds
1 pt
LogRhythm Labs concentrates on four main areas.
106. Open Ended
30 seconds
1 pt
What are the most critical segments of the LogRhythm ecosystem?
107. Open Ended
30 seconds
1 pt
Out of the box, about how many devices does LogRhythm support across key segments within the security space?
108. Open Ended
30 seconds
1 pt
What is the primary focus behind any and all decisions made at LogRhythm?
109. Open Ended
30 seconds
1 pt
Why should a customer choose LogRhythm?
110. Open Ended
30 seconds
1 pt
Once an incident occurs, what are the most critical next steps?
111. Open Ended
30 seconds
1 pt
What are the three segments of the LogRhythm Security Intelligence Platform?
112. Open Ended
30 seconds
1 pt
Name 4 services the LogRhythm Security Intelligence Platform provides the customer?
113. Open Ended
30 seconds
1 pt
Where does the majority of breach evidence reside?
114. Open Ended
30 seconds
1 pt
What is LogRhythm's True Time?
115. Open Ended
30 seconds
1 pt
What are the three categories in which data is placed, allowing identification at a high level?
116. Open Ended
30 seconds
1 pt
Machine learning learns and creates profiles for what three areas?
117. Open Ended
30 seconds
1 pt
For what does statistical analysis primarily look?
118. Open Ended
30 seconds
1 pt
What are some ways Smart Response technology can mitigate a threat?
119. Open Ended
30 seconds
1 pt
Name the two areas of LogRhythm Input
120. Open Ended
30 seconds
1 pt
Name the 3 areas of LogRhythm's Analytics.
121. Open Ended
30 seconds
1 pt
Name the two areas of LogRhythm Output.
122. Open Ended
30 seconds
1 pt
How is LogRhythm able to perform Data Acquisition?
123. Open Ended
30 seconds
1 pt
Name three aspects of Endpoint Monitoring.
124. Open Ended
30 seconds
1 pt
True or False: LogRhythm is able to extract and tag log messages.
125. Open Ended
30 seconds
1 pt
What are the 6 phases of LogRhythm's Cyber Attack Lifecycle?
126. Open Ended
30 seconds
1 pt
Name 5 obstacles to security teams accomplishing their goal of decreased MTTD.
127. Open Ended
30 seconds
1 pt
What are the 5 key differentiators of the Threat Lifecycle Management?
128. Open Ended
30 seconds
1 pt
What are the three components of UEBA?
129. Open Ended
30 seconds
1 pt
What does the CloudAI detect?
130. Open Ended
30 seconds
1 pt
What is Cloud AI?
131. Open Ended
30 seconds
1 pt
What is the AI Engine?
132. Open Ended
30 seconds
1 pt
Recognizing multiple related AIE Events within a short period of time as a potential threat is an example of what UEBA technique?
133. Open Ended
30 seconds
1 pt
What are three advantages of a Cloud Solution?
134. Open Ended
30 seconds
1 pt
Give the steps needed to set up CloudAI.
135. Open Ended
30 seconds
1 pt
True or False: TrueIdentity is not needed for CloudAI.
136. Open Ended
30 seconds
1 pt
True or False: Collecting key logs for CloudAI is an important step for best practice.
137. Open Ended
30 seconds
1 pt
True or False: The UEBA module in the knowledge database does not use CloudAI logs.
138. Open Ended
30 seconds
1 pt
True or False: The number of identities monitored does not have to be equal to or less than the number of identities purchased.
139. Open Ended
30 seconds
1 pt
True or False: User access does not have to be granted when setting up CloudAI.
140. Open Ended
30 seconds
1 pt
True or False: The UEBA module in the knowledge database and CloudAI are both part of the LogRhythm UEBA Solution.
141. Open Ended
30 seconds
1 pt
True or False: Data access complies with SOC 2 standard.
142. Open Ended
30 seconds
1 pt
Who manages the physical security of CloudAI?
143. Open Ended
30 seconds
1 pt
Appliances: All-in-One (XM)
144. Open Ended
30 seconds
1 pt
Appliances: Dedicated Platform Manager (PM)
145. Open Ended
30 seconds
1 pt
Appliances: Dedicated Data Processor (DP)
146. Open Ended
30 seconds
1 pt
Appliances: Dedicated Data Indexer (DX)
147. Open Ended
30 seconds
1 pt
Appliances: Dedicated AI Engine (AIE)
148. Open Ended
30 seconds
1 pt
Appliances: Data Collector (DC)
149. Open Ended
30 seconds
1 pt
Appliances: Network Monitor (NM)
150. Open Ended
30 seconds
1 pt
Show Appliance Acronyms
151. Open Ended
30 seconds
1 pt
Appliances: Naming Convention
LR-XM4510
152. Open Ended
30 seconds
1 pt
Name some LR Appliance Benefits
153. Open Ended
30 seconds
1 pt
LR Clustering Advantages
154. Open Ended
30 seconds
1 pt
True or False: LR appliances utilize a building block approach to architecture to maximize flexibility.
155. Open Ended
30 seconds
1 pt
LADD or LR Architectural Discovery Document
156. Open Ended
30 seconds
1 pt
Computer requirements for using the LADD
157. Open Ended
30 seconds
1 pt
What are the LADD's three main sections?
158. Open Ended
30 seconds
1 pt
True or False: HA is available in Public Cloud.
159. Open Ended
30 seconds
1 pt
True or False: With LR Forensic Analytics there is no new search syntax required, which means there is a quick learning curve.
160. Open Ended
30 seconds
1 pt
In the WebUI, name the tabs on the page.
161. Open Ended
30 seconds
1 pt
In LR, what allows analysts to see what risk is most important to an organization?
162. Open Ended
30 seconds
1 pt
What is an important action that security analysts can complete from the dashboards tab in the WebUI?
163. Open Ended
30 seconds
1 pt
In the WebUI which tab gives you access to a subset of the metadata for monitored identities?
164. Open Ended
30 seconds
1 pt
Which Tab in WebUI is mainly used for compliance purposes?
165. Open Ended
30 seconds
1 pt
True or False: If an organization exceeds their license, LR will drop message rates and log data.
166. Open Ended
30 seconds
1 pt
Which widget allows you to investigate details of events impacting a specific area?
167. Open Ended
30 seconds
1 pt
What kind of investigation should you use to identify suspicious user failed login activity?
168. Open Ended
30 seconds
1 pt
True or False: The 'Save' icon will turn green when changes are made reminding you to save.
169. Open Ended
30 seconds
1 pt
In the Threat Activity map what color represents Impacted locations?
170. Open Ended
30 seconds
1 pt
Explain a Structured Search
171. Open Ended
30 seconds
1 pt
Explain a Precision Search
172. Open Ended
30 seconds
1 pt
Which filter is used to do an unstructured search?
173. Open Ended
30 seconds
1 pt
Give a scenario when you would use a Structured Search.
174. Open Ended
30 seconds
1 pt
What is the main benefit of a precision search?
175. Open Ended
30 seconds
1 pt
True or False: Predefined searches, such as compliance searches, cost extra.
176. Open Ended
30 seconds
1 pt
What search would you use in order to determine who is creating accounts in an environment?
177. Open Ended
30 seconds
1 pt
What are the three methods for creating a case?
178. Open Ended
30 seconds
1 pt
How do you add a comment to a case?
179. Open Ended
30 seconds
1 pt
What is the importance of creating a Case?
180. Open Ended
30 seconds
1 pt
What provides automated remediation actions?
181. Open Ended
30 seconds
1 pt
How do you link cases together that are related to each other?
182. Open Ended
30 seconds
1 pt
In the Metrics Dialogue box, what is visibly tracked and reported?
183. Open Ended
30 seconds
1 pt
Explain the Threat Hunter workflow.
184. Open Ended
30 seconds
1 pt
Explain the SOC 1 Analyst workflow.
185. Open Ended
30 seconds
1 pt
What is the main goal of both Threat Hunters and SOC 1 Analysts?
186. Open Ended
30 seconds
1 pt
What is an example of why a user could be listed on 'HR Watchlist'?
187. Open Ended
30 seconds
1 pt
True or False: The megagrid updates with the dashboard.
188. Open Ended
30 seconds
1 pt
Where can a SOC 1 Analyst begin looking for indicators of compromise?
189. Open Ended
30 seconds
1 pt
What is essential to Threat Hunting?
190. Open Ended
30 seconds
1 pt
Give 6 Features/Benefits of the LR UEBA solution.
191. Open Ended
30 seconds
1 pt
What does LR's Machine Data Intelligence (MDI) Fabric do?
192. Open Ended
30 seconds
1 pt
What are some unique data features that enable effective analytics?
193. Open Ended
30 seconds
1 pt
Give some benefits of LR's Scenario Analytics.
194. Open Ended
30 seconds
1 pt
Give some benefits of LR's Behavior Analytics
195. Open Ended
30 seconds
1 pt
Give some benefits of LR's Threat Hunting Visualizations
196. Open Ended
30 seconds
1 pt
Name three tools used by CloudAI in LR's UEBA that help detect advanced threats.
197. Open Ended
30 seconds
1 pt
What are the two segments of UEBA?
198. Open Ended
30 seconds
1 pt
What does a LR UEBA solution subscription entail?
199. Open Ended
30 seconds
1 pt
What are required log sources with LR UEBA?
200. Open Ended
30 seconds
1 pt
Splunk Implementation Details
201. Open Ended
30 seconds
1 pt
ArcSight Implementation Details
202. Open Ended
30 seconds
1 pt
True or False: LogRhythm can monitor activities that may not be logged like network connections opening and closing on a host, processes starting and stopping and can perform File Integrity Monitoring (FIM) to understand who accesses, modifies, or changes permissions on a file.
203. Open Ended
30 seconds
1 pt
What are the components of the LogRhythm Platform?
204. Open Ended
30 seconds
1 pt
For what are Message Processing Engines (MPEs) responsible?
205. Open Ended
30 seconds
1 pt
What are the three Classification Types?
206. Open Ended
30 seconds
1 pt
Storage Arrays?
207. Open Ended
30 seconds
1 pt
Name the Rule Block Types for AI Engine rules.
208. Open Ended
30 seconds
1 pt
What is the LR Warm Data Indexer (DXW)?
209. Open Ended
30 seconds
1 pt
Name the databases included in the Platform Manager.
210. Open Ended
30 seconds
1 pt
What components are included in the XM appliance?
211. Open Ended
30 seconds
1 pt
Max Processing Rate?
212. Open Ended
30 seconds
1 pt
Peak Rate?
213. Open Ended
30 seconds
1 pt
Sustained Rate
214. Open Ended
30 seconds
1 pt
Oversubscription
215. Open Ended
30 seconds
1 pt
Where do the logs that are over the subscription rate go?
216. Open Ended
30 seconds
1 pt
True or False: LR's licenses are sold based on average MPS or Messages Per Second over 24 hours.
217. Open Ended
30 seconds
1 pt
LR recommends what kind of sizing for new deployments?
218. Open Ended
30 seconds
1 pt
What are the two types of SysMon licenses?
219. Open Ended
30 seconds
1 pt
What logs are almost always the busiest and typically in every deployment?
220. Open Ended
30 seconds
1 pt
True or False: Log processing is performed by the Mediator's Message Processing Engine on the Data Processor or DP.
221. Open Ended
30 seconds
1 pt
How long is data retained on the Data Indexer or DX?
222. Open Ended
30 seconds
1 pt
What component evaluates data using complex pattern-matching and behavioral analysis to correlate data across logs?
223. Open Ended
30 seconds
1 pt
What appliance is responsible for Case and Event management, Alarming, Reporting, notifications, scheduled jobs, and the configuration of the LogRhythm Platform?
224. Open Ended
30 seconds
1 pt
LR's NextGen SIEM Platform is architected for both vertical and horizontal scaling using multiple appliances to handle what aspects of data?
225. Open Ended
30 seconds
1 pt
True or False: There can be multiple active Platform Manager appliances in a LR deployment.
226. Open Ended
30 seconds
1 pt
True or False: The Max Processing Rate is defined as the max rate at which logs can be collected, archived, and processed by a component while achieving the max indexing rate.
227. Open Ended
30 seconds
1 pt
Explain an HA solution.
228. Open Ended
30 seconds
1 pt
Explain a Disaster Recovery or DR solution.
229. Open Ended
30 seconds
1 pt
Dark Spare unit
230. Open Ended
30 seconds
1 pt
SIOS or Software for Innovative Open Solutions
231. Open Ended
30 seconds
1 pt
What is the min and max number of nodes in an Indexing cluster?
232. Open Ended
30 seconds
1 pt
Give some Key HA Requirements
233. Open Ended
30 seconds
1 pt
Recovery Point Objective or RPO
234. Open Ended
30 seconds
1 pt
Recovery Time Objective or RTO
235. Open Ended
30 seconds
1 pt
Give some key Disaster Recovery Requirements
236. Open Ended
30 seconds
1 pt
What are three organization types that might utilize multiple AI Engines?
237. Open Ended
30 seconds
1 pt
In a Co-Managed scenario what are the responsibilities of the MSSP staff?
238. Open Ended
30 seconds
1 pt
Where do LR offices reside?
239. Open Ended
30 seconds
1 pt
What are the three support levels offered by LR?
240. Open Ended
30 seconds
1 pt
What does the KB or Knowledge Base module include?
241. Open Ended
30 seconds
1 pt
On what threats is the LR KB module focused?
242. Open Ended
30 seconds
1 pt
Name some common KB Modules Objects.
243. Open Ended
30 seconds
1 pt
With what do LR's HA solutions meet the requirements of organizations that need access to log and event data at all times?
244. Open Ended
30 seconds
1 pt
What duties does the LR Labs team perform?
245. Open Ended
30 seconds
1 pt
Name 3 items visualized in the Node Link graph widget