
Define 10 of the following terms (total 10 points)

1) MTA
MTA is the message transfer agent used in the Internet message handling system. Its responsibility is to
transfer and route e-mail messages from the sender's computer to the receiver's computer. It is basically a
client/server architecture. Its main function is to forward each message that arrives to it on toward the
message's destination.

2) SOC
The Security Operation Center (SOC) is a centralised role inside a company that uses people, systems, and
technology to monitor and improve the security posture of the business while preventing, detecting,
analysing, and responding to cybersecurity incidents.

3) True positive
True positives are outputs of machine learning classification problems where a test observes a positive and
a positive was also predicted. This is a component of the traditional confusion matrix, which experts use
as a model when describing a classification method.

4) Flow Data
The movement of data through a system made of software, hardware, or a mix of both is referred to as
dataflow. Dataflow is sometimes specified using a model or diagram in which the complete process of
data movement is traced as it moves from one component to the next inside a program or system,
taking into account how the data changes form along the way.

5) Log aggregation
Log aggregation is a software function that consolidates log data from throughout the IT infrastructure,
including microservices, into a single centralized platform where it can be inspected and analyzed.
Additional functionality such as data normalization, log search, and complex data analysis may be
supported by log aggregation software solutions. Log aggregation is only one component of a
comprehensive log management process that generates insight into application security
and performance.
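The consolidation and normalization described above, as an added example that is not part of the original answer: two constructed log formats (a syslog-style sshd line and a JSON line from a hypothetical web application) are mapped onto one common schema so they can be searched together. The field names of the schema, the JSON layout and the year assumed for the syslog timestamps are all assumptions made for this example.

```python
"""Log aggregation with normalization (added example, not from the page).

Two constructed log formats, one syslog-style sshd line and one JSON line from a
hypothetical web application, are parsed into a single common schema so that
they can be searched together from one place.
"""
import json
import re
from datetime import datetime, timezone

# Constructed sample input: two sources, two formats (not real log data).
SYSLOG_LINES = [
    "Mar 12 10:15:02 host1 sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 5022 ssh2",
    "Mar 12 10:15:09 host1 sshd[2211]: Accepted publickey for alice from 198.51.100.7 port 5031 ssh2",
]
APP_LINES = [
    '{"ts": "2024-03-12T10:15:04Z", "host": "web1", "event": "login_failed", "user": "admin", "client_ip": "203.0.113.5"}',
    '{"ts": "2024-03-12T10:16:00Z", "host": "web1", "event": "login_ok", "user": "bob", "client_ip": "192.0.2.44"}',
]

SYSLOG_RE = re.compile(
    r"^(?P<mon>\w{3}) (?P<day>\s?\d{1,2}) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>\w+)\[\d+\]: (?P<msg>.*)$"
)
SSHD_RE = re.compile(
    r"^(?P<result>Failed password|Accepted publickey|Accepted password) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def normalize_syslog(line, year=2024):
    """Map a syslog/sshd line onto the common schema. Syslog timestamps carry no
    year, so the year is an assumption supplied by the caller."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    stamp = datetime.strptime(f"{year} {m['mon']} {m['day'].strip()} {m['time']}", "%Y %b %d %H:%M:%S")
    event, user, ip = "other", None, None
    s = SSHD_RE.match(m["msg"])
    if s:
        event = "login_failed" if s["result"].startswith("Failed") else "login_ok"
        user, ip = s["user"], s["ip"]
    return {"ts": stamp.replace(tzinfo=timezone.utc).isoformat(), "host": m["host"],
            "source": m["prog"], "event": event, "user": user, "src_ip": ip}


def normalize_app(line):
    """Map the hypothetical application's JSON line onto the common schema."""
    rec = json.loads(line)
    ts = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
    return {"ts": ts.isoformat(), "host": rec["host"], "source": "webapp",
            "event": rec["event"], "user": rec.get("user"), "src_ip": rec.get("client_ip")}


def aggregate(syslog_lines, app_lines):
    """Consolidate both sources into one time-ordered list of normalized events."""
    events = [e for e in map(normalize_syslog, syslog_lines) if e]
    events += [normalize_app(line) for line in app_lines]
    return sorted(events, key=lambda e: e["ts"])


def search(events, **criteria):
    """Centralized search: every given field must match the normalized event."""
    return [e for e in events if all(e.get(k) == v for k, v in criteria.items())]


if __name__ == "__main__":
    all_events = aggregate(SYSLOG_LINES, APP_LINES)
    # The same source address fails logins on two different systems; only the
    # normalized, central view makes that visible in one query.
    for e in search(all_events, event="login_failed", src_ip="203.0.113.5"):
        print(e["ts"], e["host"], e["source"], e["user"])
```

Once both sources share one schema, a single query over `event` and `src_ip` correlates the two failed logins that each system alone reports in its own format.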

6) False Positive
False positives arise when a scanning tool, web application firewall (WAF), or intrusion prevention
system (IPS) mistakenly flags a security vulnerability during software testing. False positives are
situations in which a testing phase fails yet there is no issue and the feature is operating properly.
Because false positives must be investigated, which may be a time-consuming procedure, they often
consume valuable IT capacity that could be used for more critical work.

7) Alert overload
Alert overload occurs when your security team is flooded with warnings regarding potential dangers to
your system.
The majority of alert overload is due to two issues:

Too many systems: if every system notifies you of every potential hazard, notification levels rapidly
become unmanageable.
Inaccurate detection systems: solutions that are unable to correctly identify threats produce a large
number of false positives.

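The confusion-matrix terms from definitions 3 and 6 and the second cause of alert overload above, as an added example that is not part of the original answers: constructed triage records pair each detector's verdict with the analyst's disposition after investigation, and from them the code counts true and false positives per detector, computes precision, and totals the analyst minutes consumed by false positives. The detector names, records and the 0.5 precision threshold are assumptions made for this example.

```python
"""Alert quality metrics from triage records (added example, not from the page).

Each constructed record is (detector, predicted_malicious, actually_malicious,
analyst_minutes). "predicted" is whether the detector fired, "actual" is the
analyst's finding, so the four combinations are the cells of a confusion matrix.
"""
from collections import Counter

# Constructed triage records (not real data).
TRIAGE = [
    ("ids", True,  True,  30),
    ("ids", True,  False, 20),
    ("ids", True,  False, 25),
    ("ids", False, True,  0),    # missed intrusion: a false negative
    ("waf", True,  True,  15),
    ("waf", True,  False, 10),
    ("waf", True,  False, 10),
    ("waf", True,  False, 12),
    ("edr", True,  True,  40),
    ("edr", False, False, 0),    # quiet and correct: a true negative
]


def confusion_matrix(records, detector=None):
    """Return TP/FP/FN/TN counts, optionally restricted to one detector."""
    c = Counter()
    for det, predicted, actual, _ in records:
        if detector and det != detector:
            continue
        if predicted and actual:
            c["tp"] += 1          # fired, and the analyst confirmed it
        elif predicted and not actual:
            c["fp"] += 1          # fired, but nothing was wrong
        elif not predicted and actual:
            c["fn"] += 1          # silent while something was wrong
        else:
            c["tn"] += 1
    return dict(c)


def precision(cm):
    """Share of fired alerts that were real: tp / (tp + fp)."""
    fired = cm.get("tp", 0) + cm.get("fp", 0)
    return cm.get("tp", 0) / fired if fired else 0.0


def wasted_minutes(records):
    """Analyst time spent investigating alerts that turned out to be false positives."""
    return sum(mins for _, predicted, actual, mins in records if predicted and not actual)


def noisiest_detectors(records, min_precision=0.5):
    """Detectors whose precision is below the threshold: the ones driving overload."""
    detectors = sorted({r[0] for r in records})
    return [d for d in detectors if precision(confusion_matrix(records, d)) < min_precision]


if __name__ == "__main__":
    overall = confusion_matrix(TRIAGE)
    print("overall:", overall, "precision=%.2f" % precision(overall))
    for d in sorted({r[0] for r in TRIAGE}):
        cm = confusion_matrix(TRIAGE, d)
        print(d, cm, "precision=%.2f" % precision(cm))
    print("minutes lost to false positives:", wasted_minutes(TRIAGE))
    print("detectors below 0.5 precision:", noisiest_detectors(TRIAGE))
```

Tracking precision per detector, not just the total alert count, separates the two causes of overload the answer names: a source with many alerts but high precision is a volume problem, while a source with low precision is an accuracy problem and the first candidate for tuning.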
8) Threat Intel
Threat intelligence, also known as cyber threat intelligence, is information that an organisation utilises
to understand the risks that have targeted, will target, or are presently attacking them. This data is used
to prepare for, prevent, and identify cyber threats seeking to exploit valuable resources.

9) IOC
In the forensics arena, an Indicator of Compromise (IOC) is commonly defined as evidence on a
computer that suggests that the network's security has been compromised. Investigators typically
collect this data after being notified of a suspicious incident, on a regular basis, or after discovering
unusual network call-outs. In an ideal world, this data would be used to develop "smarter" systems that
might recognize and quarantine questionable files in the future.

10) SEG
An SEG is designed to provide all-around protection against email-borne threats. An SEG must have the
following features: CDR (Content Disarm and Reconstruction), because email attachments may contain
harmful material.

Answer 4 of the following 5 questions (10 points each)

4. Describe the steps of a threat hunt. Provide an example use case and provide an example you’d take
at each step.
