A security analyst is assisting a software engineer with the development of a custom log collection and alerting tool (SIEM) for a proprietary system. The analyst is concerned that the tool will not detect known attacks and behavioral IoCs. Which of the following should be configured in order to resolve this issue?
The correct answer is C. Integrate with an open-source threat intelligence feed.
To enhance the ability of the custom log collection and alerting tool (SIEM) to detect known attacks and behavioral indicators of compromise (IoCs), integrating with an open-source threat intelligence feed is an effective solution. Threat intelligence feeds provide up-to-date, curated lists of known attack signatures, IP addresses, file hashes, domain names, and other indicators that can be used to detect malicious activity. These feeds allow the SIEM tool to recognize and respond to known threats more effectively.
By integrating with such a feed, the custom SIEM tool can automatically cross-reference incoming logs with threat intelligence data, enabling it to detect known attacks and behaviors that have been observed in the wild.
Why the others are incorrect:
Randomly generate and store all possible file hash values: This approach is impractical. The space of possible hashes is far too large to enumerate, and the stored data would be overwhelming and almost entirely useless for detecting attacks. The focus should be on collecting relevant, known IoCs.
Create a default rule to alert on any change to the system: While this rule could be useful in some scenarios, it is too broad and could lead to a large number of false positives. It would not specifically address the detection of known attacks or behavioral IoCs, which require more targeted detection rules based on actual threat intelligence or attack patterns.
Manually add known threat signatures into the tool: Manually adding threat signatures could work, but it is neither scalable nor efficient. The threat landscape evolves rapidly, and manually tracking and updating known signatures is time-consuming and error-prone. Integrating an automated threat intelligence feed is the more effective and sustainable solution.
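The cross-referencing described in the answer, shown as an added example (not part of the original explanation): a minimal matcher that indexes a feed of IP, domain and SHA-256 indicators and runs it over log lines. The feed contents, log lines and indicator names are constructed placeholders, not real threat data.

```python
import re

# Constructed stand-in for an open-source threat intelligence feed (type,value,name).
# Real feeds use formats such as CSV or STIX; every value below is a placeholder.
FEED_TEXT = """\
ipv4,203.0.113.45,placeholder-c2-node
domain,malicious.example,placeholder-phishing-domain
sha256,e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855,placeholder-empty-file-hash
"""

# Constructed log lines in a syslog-like layout the custom SIEM is assumed to ingest.
LOG_LINES = [
    "2024-05-01T10:00:01Z host1 sshd[233]: Accepted publickey for ops from 192.0.2.10 port 51022",
    "2024-05-01T10:00:07Z host1 proxy[91]: CONNECT malicious.example:443 from 10.0.0.8",
    "2024-05-01T10:00:09Z host2 edr[17]: file written /tmp/x sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "2024-05-01T10:00:12Z host2 fw[3]: DENY out 10.0.0.8 -> 203.0.113.45:8443",
]

PATTERNS = {
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I),
    "sha256": re.compile(r"\b[0-9a-f]{64}\b", re.I),
}

def load_feed(text):
    """Index the feed as type -> {lowercased value: name} so each lookup is O(1)."""
    index = {t: {} for t in PATTERNS}
    for line in text.splitlines():
        ioc_type, value, name = line.strip().split(",", 2)
        if ioc_type in index:
            index[ioc_type][value.lower()] = name
    return index

def match_line(line, index):
    """Return (ioc_type, value, name) for every feed indicator found in one log line."""
    hits = []
    for ioc_type, pattern in PATTERNS.items():
        for token in pattern.findall(line):
            name = index[ioc_type].get(token.lower())
            if name:
                hits.append((ioc_type, token.lower(), name))
    return hits

def scan(lines, index):
    """Cross-reference each log line against the feed; alerts are keyed by line number."""
    return {n: h for n, line in enumerate(lines, 1) if (h := match_line(line, index))}

if __name__ == "__main__":
    for n, hits in scan(LOG_LINES, load_feed(FEED_TEXT)).items(): print(n, hits)
```

In a real deployment the feed is refreshed on a schedule so that newly published indicators are matched without manual signature edits, which is the scalability point the answer makes.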