What is the purpose of Tor?
What is the purpose of Tor? Explanation: Tor is a software platform and network of peer-to-peer (P2P) hosts that function as routers. Users access the Tor network by using a…
Which technique would a threat actor use to disguise traces of an ongoing exploit?
Which technique would a threat actor use to disguise traces of an ongoing exploit? Explanation: The Network Time Protocol (NTP) uses a hierarchy of time sources to provide a consistent…
Which type of attack is carried out by threat actors against a network to determine which IP addresses, protocols, and ports are allowed by ACLs?
Explanation: Packet filtering ACLs use rules to filter incoming and outgoing traffic. These rules are defined by specifying IP addresses, port numbers, and protocols to be matched. Threat actors can…
Which tool is a Security Onion integrated host-based intrusion detection system?
Explanation: OSSEC is a host-based intrusion detection system (HIDS) that is integrated into Security Onion and actively monitors host system operation.
Which NIDS tool uses a signature-based approach and native multithreading for alert detection?
Explanation: Suricata is a NIDS tool that uses a signature-based approach. It also uses native multithreading, which allows the distribution of packet stream processing across multiple processor cores.
Which tool included in Security Onion is an interactive dashboard interface to Elasticsearch data?
Explanation: Kibana is an interactive dashboard interface to Elasticsearch data. It allows querying of NSM data and provides flexible visualizations of that data. It provides data exploration and machine learning…
Which tool is included with Security Onion that is used by Snort to automatically download new rules?
Explanation: PulledPork is a rule management utility included with Security Onion to automatically download rules for Snort.
What is the host-based intrusion detection tool that is integrated into Security Onion?
Explanation: Integrated into the Security Onion, OSSEC is a host-based intrusion detection system (HIDS) that can conduct file integrity monitoring, local log monitoring, system process monitoring, and rootkit detection.
True or False? A benign event should trigger an alert.
Explanation: A benign event should not trigger an alert.
Which type of alert is it when an alert is received, and an exploit has been verified?
true positive true negative false positive false negative