What is the primary purpose of security monitoring?

Security monitoring helps detect suspicious activities, policy violations, and potential threats in real time.

Which tool is commonly used for network intrusion detection?

Intrusion detection systems (IDS) like Snort analyze network traffic for known attack signatures.

Why is log analysis important for incident detection?

Logs provide a historical record of events that help identify anomalies or breaches.

What is a SIEM system used for?

Security Information and Event Management (SIEM) systems collect and analyze security data across an organization.

Which type of alert indicates a true security incident?

A true positive is an alert that correctly identifies a real security threat.

Which protocol is commonly used for transmitting log messages?

Syslog is widely used to send log or event messages to a central server.

What is the function of anomaly-based detection?

Anomaly-based detection flags activities that deviate from the normal behavior baseline.

Which method helps reduce false positives in monitoring systems?

Tuning the alert thresholds and baselines can help reduce the number of false alerts.

Why is continuous monitoring important?

Continuous monitoring provides real-time visibility, allowing for immediate response to threats.