Have an account?
Skip to Content
Build your own quiz
Suggestions for you
245 questions
Show Answers
See Preview
- 1. Open EndedLog Source
- 2. Open Endedlog message
- 3. Open Endedraw logs
- 4. Open EndedData collection
- 5. Open EndedGive three Windows Security Log examples:
- 6. Open EndedGive three Windows System Log examples:
- 7. Open EndedGive three Windows Application Log examples:
- 8. Open EndedGive three Linux Critical Log examples:
- 9. Open EndedDetection
- 10. Open EndedWhat must happen first to enable Detection?
- 11. Open EndedWhat are parsing and data normalization all about?
- 12. Open EndedMetadata
- 13. Open EndedWhat are three types of Metadata?
- 14. Open EndedGive some examples of Contextual Metadata:
- 15. Open EndedGive some examples of Quantitative Metadata:
- 16. Open EndedGive some examples of Derived Metadata:
- 17. Open EndedEvery log message is assigned a classification and common event based on the metadata extracted. What are the three classifications?
- 18. Open EndedCommon Events
- 19. Open EndedGive an example of the sequence of description for the three Classification types down to the Common Event
- 20. Open EndedWhat is parsing?
- 21. Open EndedWhat are 4 types of normalization and SIEM can perform?
- 22. Open EndedA SIEM adds context to logs through what?
- 23. Open EndedEvent correlation
- 24. Open EndedWhat is an event?
- 25. Open EndedWhat is the function of the System Monitor?
- 26. Open EndedWhat is the function of the Data Processor?
- 27. Open EndedWhat is the function of the Advanced Intelligence Engine (AI Engine)?
- 28. Open EndedWhat is an alert?
- 29. Open EndedGive 4 examples of common alerts:
- 30. Open EndedWhat is a report?
- 31. Open EndedGive two reasons for the creation of a report.
- 32. Open EndedFor what does forensically sound data allow?
- 33. Open EndedName 4 Forensically sound SIEM data storage principle:
- 34. Open EndedWhat are "alerts" referred to in LogRhythm?
- 35. Open EndedName two types of SIEM responses.
- 36. Open EndedWhat are the LogRhythm SIEM detection tools?
- 37. Open EndedWhat are the LogRhythm SIEM analysis tools?
- 38. Open EndedWhat is the LogRhythm Siem response tool?
- 39. Open EndedCISO (chief information security officer)
- 40. Open EndedSecurity Architect
- 41. Open EndedSOC Manager
- 42. Open EndedFunction of Network Monitors
- 43. Open EndedFunction of the Platform Manager
- 44. Open EndedWhat is the Client Console?
- 45. Open EndedWhat is the function of lists?
- 46. Open EndedWhat is Threat Lifecycle Management workflow and its purpose?
- 47. Open EndedWhat are the 6 stages of detection and response?
- 48. Open EndedWhat is the purpose of cases?
- 49. Open EndedName 9 duties an Administrator performs.
- 50. Open EndedName 6 duties of an Analyst role.
- 51. Open EndedName 2 critical skills that a LogRhythm Enterprise Administrator ideally possesses.
- 52. Open EndedName 2 critical skills that a LogRhythm Analyst should ideally possess
- 53. Open EndedWhat mechanisms in LogRhythm are considered Data Collectors?
- 54. Open EndedName the primary responsibility of the Administrator.
- 55. Open EndedWhat is considered a concerted effort between Enterprise LogRhythm, Analysts, and Administrators.
- 56. Open EndedWhat can analysts use to track an investigation and the eventual resolution of an incident.
- 57. Open EndedWhat is Machine Data Intelligence?
- 58. Open EndedWhat is Precision Search?
- 59. Open EndedHolistic Threat Detection
- 60. Open EndedRisk Based Monitoring
- 61. Open EndedHow are SAO or Security Automation and Orchestration capabilities delivered?
- 62. Open EndedGive 6 CloudAI capabilities.
- 63. Open EndedWhat does the LogRhythm Unified Platform for Threat Lifecycle Management include?
- 64. Open EndedPurpose of the SIEM
- 65. Open EndedWhat are some customer benefits of using a SIEM?
- 66. Open EndedFunction of User & Entity Behavior Analytics
- 67. Open EndedTrue or False: A single virtual data collector is capable of collecting and transmitting up to 10,000 messages per second from thousands of devices and cloud services.
- 68. Open EndedWhat are some of the regulatory frameworks that LogRhythm helps in a user staying compliant?
- 69. Open EndedIn which phase of the Threat Lifecycle Management or TLM does Holistic Threat Detection take place?
- 70. Open EndedHow does a LogRhythm File Integrity Monitoring solution enhance a security operations center?
- 71. Open EndedWhat is the most vulnerable aspect of the Security Landscape?
- 72. Open EndedWeb Console: Dashboards allow what functionality?
- 73. Open EndedWeb Console: The Alarms page allows what functionality?
- 74. Open EndedWeb Console: What is the functionality of Cases?
- 75. Open EndedWeb Console: What is the functionality of Widgets?
- 76. Open EndedWhat are widgets?
- 77. Open EndedWeb Console: What may need to be adjusted if you notice too many logs are being forwarded as events and causing unnecessary noise in your dashboard?
- 78. Open EndedWeb Console: What's the Rate Chart?
- 79. Open EndedWeb Console: Data Processing Trend does what?
- 80. Open EndedWeb Console: Topics Charts?
- 81. Open EndedWeb Console: Threat Activity Map?
- 82. Open EndedWeb Console: Name three functions of the Analyzer Grid.
- 83. Open EndedWeb Console: How do you open the Analyzer Grid?
- 84. Open EndedWhat does each row in the Analyzer Grid represent?
- 85. Open EndedWhat does each column in the Analyzer Grid represent?
- 86. Open EndedThe Analyzer Grid allows for review and analysis of what two ypes of information?
- 87. Open EndedWhat is an Incident Timeline and its function?
- 88. Open EndedWhat does the Tail feature in the Web Console provide?
- 89. Open EndedWeb Console: What is it mean to search with Lucene?
- 90. Open EndedBy default how long is a report viewable in the Web Console?
- 91. Open EndedWhere can an Administrator create a report?
- 92. Open EndedWhat are the only types of reports that can be run as a search?
- 93. Open EndedTrue or False: Audit and Compliance reports can be run as a search.
- 94. Open EndedBy whom and where can SmartResponses be configured?
- 95. Open EndedWhere can Playbooks be viewed, imported, and created?
- 96. Open EndedWhat are some questions for an analyst to answer with documentation?
- 97. Open EndedWhat are the 5 Documentation Metrics?
- 98. Open EndedEach metric measures the time it takes to move from one Threat Milestone to another. What are the 5 Threat Milestones:
- 99. Open EndedTrue or False: Some widgets are only available on certain pages, and for certain users.
- 100. Open EndedHow does LogRhythm's CloudAI function?
- 101. Open EndedTrue or False: Learned and static whitelists and blacklists are established to create rules that trigger or corroborate alarms.
- 102. Open EndedName multiple sources from where user data that is collected can come.
- 103. Open EndedIdentify a market differentiator of the LogRhythm UEBA solution.
- 104. Open EndedTrue or False: The primary objective for security analytics solutions is to improve the ability to detect, contain, and remediate advanced attacks and insider threats.
- 105. Open EndedLogRhythm labs concentrates on four main areas.
- 106. Open EndedWhat are the most critical segments of the LogRhythm ecosystem?
- 107. Open EndedOut of the box, about how many devices does LogRhythm support across key segments within the security space?
- 108. Open EndedWhat is the primary focus behind any and all decisions made at LogRhythm?
- 109. Open EndedWhy should a customer choose LogRhythm
- 110. Open EndedOnce an incident occurs, what are the most critical next steps?
- 111. Open EndedWhat are the three segments of the LogRhythm Security Intelligence Platform?
- 112. Open EndedName 4 services the LogRhythm Security Intelligence Platform provides the customer?
- 113. Open EndedWhere does the majority of breach evidence reside?
- 114. Open EndedWhat is LogRhythm's True Time?
- 115. Open EndedWhat are the three categories that data is placed, which allows identification at a high level?
- 116. Open EndedMachine learning learns and creates profiles for what three areas?
- 117. Open EndedFor what does statistical analysis primarily look?
- 118. Open EndedWhat are some ways Smart Response technology can mitigate a threat?
- 119. Open EndedName the two areas of LogRhythm Input
- 120. Open EndedName the 3 areas of LogRhythm's Analytics.
- 121. Open EndedName the two areas of LogRhythm Output.
- 122. Open EndedHow is LogRhythm able to perform Data Acquisition?
- 123. Open EndedName three aspect of Endpoint Monitoring.
- 124. Open EndedTrue or False: LogRhythm is able to extract and tag log messages.
- 125. Open EndedWhat are the 6 phases of LogRhythm's Cyber Attack Lifecycle?
- 126. Open EndedName 5 obstacles for security teams to accomplish their goal of decreased MTTD.
- 127. Open EndedWhat are the 5 key differentiators of the Threat Lifecycle Management?
- 128. Open EndedWhat are the three components of UEBA?
- 129. Open EndedWhat does the CloudAI detect?
- 130. Open EndedWhat is Cloud AI?
- 131. Open EndedWhat is the AI Engine?
- 132. Open EndedRecognizing multiple related AIE Events within a short period of time as a potential threat is an example of what UEBA technique?
- 133. Open EndedWhat are three advantages of a Cloud Solution?
- 134. Open EndedGive the steps needed to set up CloudAI.
- 135. Open EndedTrue or False: TrueIdentify is not needed for CloudAI.
- 136. Open EndedTrue or False: Collecting key logs for CloudAI is an important step for best practice.
- 137. Open EndedTrue or False: The UEBA module in the knowledge database does not use CloudAI logs.
- 138. Open EndedTrue or False: The number of identities monitored does not have to be equal to or less than the number of identities purchased
- 139. Open EndedTrue or False: User access does not have to be granted when setting up CloudAI
- 140. Open EndedTrue or False: The UEBA module in the knowledge database and CloudAI are both part of the LogRhythm UEBA Solution
- 141. Open EndedTrue or False: Data access complies with SOC 2 standard.
- 142. Open EndedWho manages the physical security of CloudAI?
- 143. Open EndedAppliances: All-in-One (XM)
- 144. Open EndedAppliances: Dedicated Platform Manager (PM)
- 145. Open EndedAppliances: Dedicated Data Processor (DP)
- 146. Open EndedAppliances: Dedicated Data Indexer (DX)
- 147. Open EndedAppliances: Dedicated AI Engine (AIE)
- 148. Open EndedAppliances: Data Collector (DC)
- 149. Open EndedAppliances: Network Monitor (NM)
- 150. Open EndedShow Appliance Acronyms
- 151. Open EndedAppliances: Naming Convention LR-XM4510
- 152. Open EndedName some LR Appliance Benefits
- 153. Open EndedLR Clustering Advantages
- 154. Open EndedTrue or False: LR appliances utilize a building block approach to architecture to maximize flexibility.
- 155. Open EndedLADD or LR Architectural Discovery Document
- 156. Open EndedComputer requirements for using the LADD
- 157. Open EndedWhat are the LADD's three main sections?
- 158. Open EndedTrue or False: HA is available in Public Cloud.
- 159. Open EndedTrue or False: With LR Forensic Analytics there is no new search syntax required, which means there is a quick learning curve.
- 160. Open EndedIn the WebUI name the tabs on the page.
- 161. Open EndedIn LR what allows analysts to see what risk is most important to an organization.
- 162. Open EndedWhat is an important action that security analysts can complete from the dashboards tab in the WebUI?
- 163. Open EndedIn the WebUI which tab gives you access to a subset of the metadata for monitored identities?
- 164. Open EndedWhich Tab in WebUI is mainly used for compliance purposes?
- 165. Open EndedTrue or False: If an organization exceeds their license, LR will drop message rates and log data.
- 166. Open EndedWhich widget allows you to investigate details of events impacting a specific area?
- 167. Open EndedWhat kind of investigation should you use to identify suspicious user failed login activity?
- 168. Open EndedTrue or False: The 'Save' icon will turn green when changes are made reminding you to save.
- 169. Open EndedIn the Threat Activity map what color represents Impacted locations?
- 170. Open EndedExplain a Structured Search
- 171. Open EndedExplain a Precision Search
- 172. Open EndedWhich filter is used to do an unstructured search?
- 173. Open EndedGive a scenario when you would us a Structured Search?
- 174. Open EndedWhat is the main benefit of a precision search?
- 175. Open EndedTrue or False: Predefined searches, such as compliance searches, cost extra.
- 176. Open EndedWhat search would you use in order to determine who is creating accounts in an environment?
- 177. Open EndedWhat are the three methods for creating a case?
- 178. Open EndedHow do you add a comment to a case?
- 179. Open EndedWhat is the importance of creating a Case?
- 180. Open EndedWhat provides automated remediation actions?
- 181. Open EndedHow do you link cases together that ae related to each other?
- 182. Open EndedIn the Metrics Dialogue box, what is visibly tracked and reported?
- 183. Open EndedExplain the Threat Hunter work flow.
- 184. Open EndedExplain the SOC 1 Analyst work flow.
- 185. Open EndedWhat is the main goal of both Threat Hunters and SOC 1 Analysts?
- 186. Open EndedWhat is an example of why a user could be listed on 'HR Watchlist'?
- 187. Open EndedTrue or False: The megagrid updates with the dashboard.
- 188. Open EndedWhere can a SOC 1 Analyst begin looking for indicators of compromise?
- 189. Open EndedWhat is essential to Threat Hunting?
- 190. Open EndedGive 6 Features/ Benefits of the LR UEBA solution.
- 191. Open EndedWhat does LR's Machine Data Intelligence (MDI) Fabric do?
- 192. Open EndedWhat are some unique data features that enable effective analytics?
- 193. Open EndedGive some benefits of LR's Scenario Analytics.
- 194. Open EndedGive some benefits of LR's Behavior Analytics
- 195. Open EndedGive some benefits of LR's Threat Hunting Visualizations
- 196. Open EndedName three tools used by CloudAI in LR's UEBA that helps detect advanced threats.
- 197. Open EndedWhat are the two segments of UEBA?
- 198. Open EndedWhat does a LR UEBA solution subscription entail?
- 199. Open EndedWhat are required log sources with LR UEBA?
- 200. Open EndedSplunk Implementation Details
- 201. Open EndedArcSight Implementation Details
- 202. Open EndedTrue or False: LogRhythm can monitor activities that may not be logged like network connections opening and closing on a host, processes starting and stopping and can perform File Integrity Monitoring (FIM) to understand who accesses, modifies, or changes permissions on a file.
- 203. Open EndedWhat are the components of the LogRhythm Platform?
- 204. Open EndedFor what are Message Processing Engine's (MPEs) responsible?
- 205. Open EndedWhat are the three Classification Types?
- 206. Open EndedStorage Arrays?
- 207. Open EndedName the Rule Block Types for AI Engine rules.
- 208. Open EndedWhat is the LR Warm Data Indexer (DXW)?
- 209. Open EndedName the databases included in the Platform Manager.
- 210. Open EndedWhat components are included in the XM appliance?
- 211. Open EndedMax Processing Rate?
- 212. Open EndedPeak Rate?
- 213. Open EndedSustained Rate
- 214. Open EndedOversubscription
- 215. Open EndedWhere do the logs that are over the subscription rate go?
- 216. Open EndedTrue or False: LR's licenses are sold based on average MPS or Messages Per Second over 24 hours.
- 217. Open EndedLR recommends what kind of sizing for new deployments?
- 218. Open EndedWhat are the two types of SysMon licenses?
- 219. Open EndedWhat logs are almost always the busiest and typically in every deployment?
- 220. Open EndedTrue or False: Log processing is performed by the Mediator's Message Processing Engine on the Data Processor or DP.
- 221. Open EndedHow long is data retained on the Data Indexer or DX?
- 222. Open EndedWhat component evaluates data using complex pattern-matching and behavioral analysis to correlate data across logs?
- 223. Open EndedWhat appliance is responsible for Case and Event management, Alarming, Reporting, notifications, scheduled jobs, and the configuration of the LogRhythm Platform?
- 224. Open EndedLR's NextGen SIEM Platform is architected for both vertical and horizontal scaling using multiple appliances to handle what aspects of data?
- 225. Open EndedTrue or False: There can be multiple active Platform Manager appliances in a LR deployment.
- 226. Open EndedTrue or False: The Max Processing Rate is defined as the max rate at which logs can be collected, archived, and processed by a component while achieving the max indexing rate.
- 227. Open EndedExplain a HA solution?
- 228. Open EndedExplain a Disaster Recovery or DR solution.
- 229. Open EndedDark Spare unit
- 230. Open EndedSIOS or Software for Innovative Open Solutions
- 231. Open EndedWhat is the min and max number of nodes in a Indexing cluster?
- 232. Open EndedGive some Key HA Requirements
- 233. Open EndedRecovery Point Objective or RPO
- 234. Open EndedRecovery Time Objective or RTO
- 235. Open EndedGive some key Disaster Recovery Requirements
- 236. Open EndedWhat are three organization types that might utilize multiple AI Engines?
- 237. Open EndedIn a Co-Managed scenario what are the responsibilities of the MSSP staff?
- 238. Open EndedWhere do LR offices reside?
- 239. Open EndedWhat are the three support levels offered by LR?
- 240. Open EndedWhat does the KB or Knowledge Base module include:
- 241. Open EndedOn what threats is the LR KB module focused?
- 242. Open EndedName some common KB Modules Objects.
- 243. Open EndedWith what does LR's HA solutions meet the requirements of organizations that need access to log and event data at all times?
- 244. Open EndedLR Labs team performs what duties.
- 245. Open EndedName 3 items visualized in the Node Link graph widget
- Answer choicesTagsAnswer choicesTags