COURSE 2 – PLAY IT SAFE: MANAGE SECURITY RISKS

Module 3: Introduction to Cybersecurity Tools

GOOGLE CYBERSECURITY PROFESSIONAL CERTIFICATE

Coursera Study Guide

INTRODUCTION – Introduction to Cybersecurity Tools

This module is a deep dive into industry-leading Security Information and Event Management (SIEM) tools and how they help safeguard business operations. It covers the log sources a SIEM collects from (server, firewall and network logs), the metrics a SIEM dashboard can display, the hosting models an organization can choose between (self-hosted, cloud-hosted and hybrid), and how entry-level security analysts use SIEM dashboards as part of their daily responsibilities. The aim is practical proficiency alongside the concepts: learners should finish able to read a dashboard and use it to investigate an alert.

Learning Objectives

  • Identify and define commonly used Security Information and Event Management (SIEM) tools.
  • Describe how SIEM tools are used to protect business operations.
  • Explain how entry-level security analysts use SIEM dashboards.

TEST YOUR KNOWLEDGE: SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM) DASHBOARDS

1. Which log source records events related to websites, emails, and file shares, as well as password and username requests?

  • Server (CORRECT)
  • Receiving
  • Network
  • Firewall

Server logs record events related to websites, emails, and file shares. They include actions such as login requests, password and username requests, as well as the ongoing use of these services.

2. Fill in the blank: A security information and _____ management (SIEM) tool is an application that collects and analyzes log data to monitor critical activities in an organization.

  • emergency
  • event (CORRECT)
  • efficiency
  • employee

A security information and event management (SIEM) tool is an application that collects and analyzes log data to monitor critical activities in an organization. SIEM tools index and minimize the scope of logs a security professional should manually review and analyze.

3. A security professional evaluates a software application by reviewing key technical attributes including response time, availability, and failure rate. What are they using to assess performance?

  • Cloud tools
  • Metrics (CORRECT)
  • Models
  • Index standards

They are using metrics. Metrics are key technical attributes including response time, availability, and failure rate, which are used to assess the performance of a software application. SIEM dashboards can be customized to display relevant metrics.

4. Fill in the blank: SIEM tools must be configured and _____ to meet each organization’s unique security needs.

  • customized (CORRECT)
  • centralized
  • reviewed
  • indexed

SIEM tools must be configured and customized to meet each organization’s unique security needs.

TEST YOUR KNOWLEDGE: IDENTIFY THREATS AND VULNERABILITIES WITH SIEM TOOLS

1. A security team wants some of its services to be hosted on the internet instead of local devices. However, they also need to maintain physical control over certain confidential data. What type of SIEM solution should they select?

  • Hybrid (CORRECT)
  • Self-hosted
  • Cloud-hosted
  • Remote

They should select a hybrid solution. Hybrid solutions use a combination of both self- and cloud-hosted SIEM tools to leverage the benefits of the cloud while maintaining physical control over confidential data.

2. Security information and event management (SIEM) tools provide dashboards that help cybersecurity professionals organize and focus their security efforts.

  • True (CORRECT)
  • False

SIEM tools provide dashboards that help cybersecurity professionals organize and focus their security efforts. This allows analysts to reduce risk by identifying, analyzing, and remediating the highest priority items in a timely manner.

3. Fill in the blank: A _____ SIEM tool is specifically designed to take advantage of cloud computing capabilities including availability, flexibility, and scalability.

  • cloud-infrastructure
  • cloud-local
  • cloud-native (CORRECT)
  • cloud-hardware

A cloud-native SIEM tool, such as Chronicle, is specifically designed to take advantage of cloud computing capabilities including availability, flexibility, and scalability.

4. What are the different types of SIEM tools? Select three answers.

  • Self-hosted (CORRECT)
  • Cloud-hosted (CORRECT)
  • Hybrid (CORRECT)
  • Physical

The three different types of SIEM tools are self-hosted, cloud-hosted, and hybrid.

MODULE 3 CHALLENGE

1. Which of the following statements correctly describe logs? Select three answers.

  • A network log is a record of all computers and devices that enter and leave a network. (CORRECT)
  • A log is a record of events that occur within an organization’s systems and networks. (CORRECT)
  • Events related to websites, emails, or file shares are recorded in a server log. (CORRECT)
  • Actions such as using a username or password are recorded in a firewall log.

Correct

2. What are some of the key benefits of SIEM tools? Select three answers.

  • Monitor critical activities in an organization (CORRECT)
  • Provide visibility (CORRECT)
  • Store all log data in a centralized location (CORRECT)
  • Automatic updates customized to new threats and vulnerabilities

Correct

3. Fill in the blank: Software application _____ are technical attributes, such as response time, availability, and failure rate.

  • logs
  • SIEM tools
  • metrics (CORRECT)
  • dashboards

Correct

4. A security team chooses to implement a SIEM tool that will be managed and maintained by the organization’s IT department, rather than a third-party vendor. What type of tool are they using?

  • Cloud-hosted
  • Hybrid
  • Department-hosted
  • Self-hosted (CORRECT)

Correct

5. You are a security professional, and you want a SIEM tool that will require both on-site infrastructure and internet-based solutions. What type of tool do you choose?

  • Hybrid (CORRECT)
  • Self-hosted
  • Component-hosted
  • Cloud-hosted

Correct

6. Fill in the blank: SIEM tools are used to search, analyze, and _____ an organization’s log data to provide security information and alerts in real-time.

  • retain (CORRECT)
  • release
  • modify
  • separate

Correct

7. Which tool provides a comprehensive, visual summary of security-related data, including metrics?

  • SIEM (CORRECT)
  • network protocol analyzer (packet sniffer)
  • Playbook
  • Command-line interface

Correct

8. Fill in the blank: _____ tools are often free to use.

  • Open-source (CORRECT)
  • Command-line
  • Proprietary
  • Cloud-hosted

Correct

9. What are some of the key benefits of SIEM tools? Select three answers.

  • Provide event monitoring and analysis (CORRECT)
  • Eliminate the need for manual review of logs
  • Collect log data from different sources (CORRECT)
  • Save time (CORRECT)

Correct

10. Fill in the blank: A security professional creates a dashboard that displays technical attributes about business operations called ______, such as incoming and outgoing network traffic.

  • metrics (CORRECT)
  • averages
  • logs
  • SIEM tools

Correct

11. A security team installs a SIEM tool within their company’s own infrastructure to keep private data on internal servers. What type of tool are they using?

  • Self-hosted (CORRECT)
  • Cloud-hosted
  • Infrastructure-hosted
  • Hybrid

Correct

12. You are a security analyst, and you want a security solution that will be fully maintained and managed by your SIEM tool provider. What type of tool do you choose?

  • Solution-hosted
  • Cloud-hosted (CORRECT)
  • Hybrid
  • Self-hosted

Correct

13. Fill in the blank: _____ are used to retain, analyze, and search an organization’s log data to provide security information and alerts in real-time.

  • network protocol analyzers (packet sniffers)
  • SIEM tools (CORRECT)
  • Playbooks
  • Operating systems

Correct

14. Which of the following statements correctly describes logs? Select three answers.

  • Actions such as login requests are recorded in a server log. (CORRECT)
  • Security teams monitor logs to identify vulnerabilities and potential data breaches. (CORRECT)
  • Outbound requests to the internet from within a network are recorded in a firewall log. (CORRECT)
  • Connections between devices and services on a network are recorded in a firewall log.

Correct

15. What are some of the key benefits of SIEM tools? Select three answers.

  • Increase efficiency (CORRECT)
  • Deliver automated alerts (CORRECT)
  • Minimize the number of logs to be manually reviewed (CORRECT)
  • Automatic customization to changing security needs

Correct

16. A security team chooses to implement a SIEM tool that they will install, operate, and maintain using their own physical infrastructure. What type of tool are they using?

  • Self-hosted (CORRECT)
  • Log-hosted
  • Cloud-hosted
  • Hybrid

Correct

17. You are a security professional, and you want to save time by using a SIEM tool that will be managed by a provider and only be accessible through the internet. What type of tool do you choose?

  • Hybrid
  • Self-hosted
  • IT-hosted
  • Cloud-hosted (CORRECT)

Correct

18. A security analyst receives an alert about hundreds of login attempts from unusual geographic locations within the last few minutes. What can the analyst use to review a timeline of the login attempts, locations, and time of activity?

  • A network protocol analyzer (packet sniffer)
  • A SIEM tool dashboard (CORRECT)
  • An operating system
  • A playbook

Correct
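The questions above on log sources (server, firewall and network logs in questions 1 and 14), on dashboard metrics (questions 3 and 10) and on reviewing a timeline of login attempts from unusual locations (question 18) describe in outline what a SIEM does: collect logs from different sources, normalize and index them in one place, surface metrics, and raise alerts an analyst can drill into. The following Python script is an added example written for this study guide; it is not code from the course or from any SIEM product. The log line formats, the prefix-to-country geolocation table and the detection thresholds are all invented for the example (the addresses come from the RFC 5737 documentation ranges, and the country assignments are made up).

```python
"""Minimal SIEM-style pipeline over constructed log lines (added example).

Everything here is illustrative: the line formats, the geolocation table and the
alert thresholds are assumptions for the example, not a real product's behaviour.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample lines (not real logs). Each source has its own format,
# which is exactly why a SIEM normalizes before it indexes.
SAMPLE_LOGS = [
    "2024-05-01T09:00:01Z server auth user=alice result=OK src=192.0.2.10",
    "2024-05-01T09:01:10Z firewall OUT src=192.0.2.10 dst=198.51.100.7:443 action=ALLOW",
    "2024-05-01T09:01:12Z network CONN src=192.0.2.10 dst=192.0.2.50:445",
    "2024-05-01T09:02:00Z server auth user=bob result=FAIL src=203.0.113.5",
    "2024-05-01T09:02:20Z server auth user=bob result=FAIL src=198.51.100.20",
    "2024-05-01T09:02:45Z server auth user=bob result=FAIL src=203.0.113.9",
    "2024-05-01T09:03:05Z server auth user=bob result=FAIL src=198.51.100.21",
    "2024-05-01T09:40:00Z server auth user=bob result=FAIL src=192.0.2.33",
    "2024-05-01T09:41:00Z firewall OUT src=192.0.2.33 dst=203.0.113.80:80 action=DENY",
]

# Hypothetical geolocation table keyed by /24 prefix. The addresses are RFC 5737
# documentation ranges; the country codes are invented for the example.
GEO_TABLE = {"192.0.2.": "US", "203.0.113.": "BR", "198.51.100.": "RU"}

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<source>server|firewall|network) (?P<event>\S+) (?P<rest>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")


def geolocate(ip):
    for prefix, country in GEO_TABLE.items():
        if ip.startswith(prefix):
            return country
    return "??"


def parse_line(line):
    """Normalize one raw line into a common schema; returns None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = dict(KV_RE.findall(m.group("rest")))
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "source": m.group("source"), "event": m.group("event"), **fields}


def ingest(lines):
    """Collect from all sources into one time-ordered, centrally held list (the index)."""
    events = [e for e in (parse_line(line) for line in lines) if e is not None]
    return sorted(events, key=lambda e: e["ts"])


def events_by_source(events):
    """Dashboard metric: how many events each log source contributed."""
    return dict(Counter(e["source"] for e in events))


def login_failure_rate(events):
    """Dashboard metric: share of login attempts on the server log that failed."""
    logins = [e for e in events if e["source"] == "server" and e["event"] == "auth"]
    if not logins:
        return 0.0
    return sum(1 for e in logins if e.get("result") == "FAIL") / len(logins)


def detect_geo_login_burst(events, window=timedelta(minutes=5), min_failures=3, min_countries=2):
    """Alert when one account collects >= min_failures failed logins from >= min_countries
    countries inside one sliding window. Each alert carries the timeline (time, source IP,
    country) that an analyst would review on the dashboard after the alert fires."""
    by_user = defaultdict(list)
    for e in events:
        if e["source"] == "server" and e["event"] == "auth" and e.get("result") == "FAIL":
            by_user[e["user"]].append(e)
    alerts = []
    for user, fails in by_user.items():  # fails are already in time order
        for i, first in enumerate(fails):
            burst = [e for e in fails[i:] if e["ts"] - first["ts"] <= window]
            countries = {geolocate(e["src"]) for e in burst}
            if len(burst) >= min_failures and len(countries) >= min_countries:
                alerts.append({
                    "user": user,
                    "countries": sorted(countries),
                    "timeline": [(e["ts"].isoformat(), e["src"], geolocate(e["src"])) for e in burst],
                })
                break  # one alert per account; later overlapping windows would duplicate it
    return alerts


if __name__ == "__main__":
    evs = ingest(SAMPLE_LOGS)
    print("events by source:", events_by_source(evs))
    print("login failure rate: %.2f" % login_failure_rate(evs))
    for a in detect_geo_login_burst(evs):
        print(f"ALERT user={a['user']} countries={a['countries']}")
        for ts, ip, cc in a["timeline"]:
            print(f"  {ts}  {ip:<15} {cc}")
```

Run it directly to print the per-source counts, the login failure rate and the alert with its four-entry timeline for the account "bob"; the fifth failure at 09:40 falls outside the five-minute window and is correctly left out. In a real SIEM the same stages exist, but parsers, geolocation and the window logic are configured in the tool rather than hand-coded, which is the "configured and customized" point from the first quiz.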

19. Fill in the blank: The wide exposure and immediate access to the source code of open-source tools makes it _____ likely that issues will occur.

  • less (CORRECT)
  • equally
  • more
  • very

Correct

20. Which of the following statements correctly describe logs? Select three answers.

  • Actions such as username requests are recorded in a network log.
  • SIEM tools rely on logs to monitor systems and detect security threats. (CORRECT)
  • A record of events related to employee logins and username requests is part of a server log. (CORRECT)
  • A record of connections between devices and services on a network is part of a network log. (CORRECT)

Correct

21. After receiving an alert about a suspicious login attempt, a security analyst can access their _____ to gather information about the alert.

  • network protocol analyzer (packet sniffer)
  • playbook
  • internal infrastructure
  • SIEM tool dashboard (CORRECT)

Correct

22. Which type of tool typically requires users to pay for usage?

  • Open-source
  • Cloud native
  • Self-hosted
  • Proprietary (CORRECT)

Correct