BCB2304 CYBER SECURITY AND SIEM UNIT- I Question Bank
2-Mark Questions
[Link] Questions CO BTL
1 Explain SIEM and its workflow. 1 2
2 What are the key components of a SIEM? 1 2
3 What is the process of a SIEM? 1 2
4 What are the fields present in a log record? 1 2
5 What is a log record? 1 2
6 What is an event? 1 2
7 What are the various event types? 1 2
8 What are the various types of logs? 1 2
9 What are the sources of logs? 1 2
10 What is the need for logs? 1 2
11 How do you maintain the integrity of a log? 1 2
12 Which logs are important for security? 1 2
13 Why are system logs important? 1 2
14 What is the purpose of security logs? 1 2
15 Discuss application logs. 1 2
6- and 10-Mark Questions
[Link] Questions CO BTL
1 What is a log? What are the various fields present in a log record? 1 2
2 Discuss the most critical Windows security event IDs. 1 2
3 What is an event? What are the various event types? 1 2
4 Discuss the five Ws in log management. 1 2
5 Discuss the event lifecycle. 1 2
6 Discuss logs and the different types of logs in a SIEM. 1 2
7 Explain Windows event logs in detail. 1 2
8 What are Windows logs? Briefly explain each category of Windows log. 1 2
9 What are system logs? Give any two examples. 1 2
10 Discuss the different types of security logs. 1 2
11 What is a log composed of? Why are logs essential? 1 2
12 Discuss how to analyse problems using Windows event logs, with their elements and the types of events. 1 2
BCB2304 CYBER SECURITY AND SIEM UNIT- II Question Bank
2-Mark Questions
[Link] Questions CO BTL
1 Why is it important to read firewall logs daily? 2 2
2 How do you analyze firewall logs? 2 2
3 What do IIS logs contain? 2 2
4 What are the requirements a logging policy should meet? 2 2
5 What is the use of /var/log/messages? 2 2
6 What is the kernel ring buffer? 2 2
7 Discuss the Apache logging process. 2 2
8 Illustrate Log4Shell. 2 2
9 Explain the logger command. 2 2
10 What is a log file? 2 2
11 Name any two log file formats. 2 2
12 Expand JNDI and write the JNDI syntax. 2 2
6- and 10-Mark Questions
[Link] Questions CO BTL
1 Explain operating system logs. 2 2
2 Mention the various log file locations. Explain the purposes of log files. 2 2
3 Discuss any five mail error codes. 2 2
4 Discuss any five HTTP error codes. 2 2
5 Discuss the Common Log Format with an example. 2 2
6 Explain Apache log-related modules. 2 2
7 Illustrate how to view, locate and analyze access and error logs. 2 2
8 Explain the JSON log format with syntax and an example. 2 2
9 Discuss a Log4j exfiltration attack scenario. 2 2
10 How do you set up firewall logs? 2 2
11 Discuss Log4j-related CVEs. 2 2
BCB2304 CYBER SECURITY AND SIEM UNIT- III Question Bank
2-Mark Questions
[Link] Questions CO BTL
1 What is log management? 3 2
2 What is syslog? 3 2
3 What are the requirements a logging policy should meet? 3 2
4 What are the goals of security controls? 3 2
5 What is the importance of archived logging? 3 2
6 What are the benefits of archiving? 3 2
7 What is log indexing? 3 2
6- and 10-Mark Questions
[Link] Questions CO BTL
1 What is syslog? List the components of syslog servers. 3 2
2 Illustrate log indexing and rotation for optimized archival. 3 2
3 Discuss log rotation using the logrotate utility. 3 2
4 Discuss any one log analyser tool. 3 2
5 i) Create a new project directory and a new Python file named ‘[Link]’. Import the logging module and configure the root logger to the level of ‘debug’ messages. Log an ‘info’ message with the text: “This is root logger’s logging message!”.
ii) Configure the root logger to format the message “This is root logger’s logging message!” as the following:
#> 2019-03-03 [Link],703 :: INFO :: Module <stdin> :: Line No 1 :: This is root logger's logging message! 3 2
6 i) Create another Python file in the same directory called ‘[Link]’ and create a new logger bearing the module’s name. Configure it to the level of ‘error’ messages and make it send the log output to a file called “mymod_{current_date}.log”.
ii) From the ‘mymod’ logger created above, log the following ‘critical’ message to the said log file: “This is a critical message!. Don’t ignore it”. 3 2
7 Discuss the log archiving methodology. Explain the different security controls. 3 2
8 Consider a scenario in which all the service and custom logs of your Ubuntu server get backed up to S3 on a daily basis after being compressed, and the allocated space is freed without using any third-party software. Discuss this task using the logrotate utility provided by the Ubuntu server. 3 2
9 i) Assume your username is buddha, and you would like to enter a message into the syslog about a particularly delicious pizza you're eating. Specify a tag the messages come from and redirect the output to standard error.
ii) Write a script on the machine butters that gives the following results:
1) Announce what this script is, even to the log.
2) Test for the existence of Fred's home directory /home/fred on this machine. 3 2
10 Illustrate the logging policies with the mandatory requirements and suggested recommendations for several aspects of log management. 3 2
11 Discuss the idea of logs, log management and log file analysis with an example. 3 2
12 Discuss the different types of security controls and their related control functions. 3 2
13 Discuss how to store logs, parse them, and build reports by grouping or filtering the extracted data with the help of a log analyser tool. 3 2
14 What are the challenges in managing logs? Discuss with an example. 3 2
15 How do you collect, customize, and centralize Python logs? 3 3
BCB2304 CYBER SECURITY AND SIEM UNIT- IV Question Bank
2-Mark Questions
[Link] Questions CO BTL
1 Explain the methods of correlation. 4 2
2 Explain the push and pull mechanisms. 4 2
3 Discuss the benefits of centralizing logs. 4 2
4 Explain log parsing. 4 2
5 State the rule engine concept with an example. 4 2
6 Write a pseudo-code rule to trigger on the events that make up login/logoff activities. 4 2
7 What are correlation rules? 4 2
8 What is the purpose of collecting logs? 4 2
6- and 10-Mark Questions
[Link] Questions CO BTL
1 Discuss log collection and its components. 4 2
2 Explain the different types of log collection methods. 4 2
3 Explain the three different stages of log parsing. 4 2
4 Discuss the different ways in which a SIEM can store its logs. 4 2
5 Discuss built-in and custom parsing rules. 4 2
6 Discuss the stages in the anatomy of a SIEM. 4 2
7 Discuss the different steps in event correlation. 4 2
8 Explain the various event types in event correlation. 4 2
9 Illustrate the order in which the rule engine processes events. 4 2
10 Illustrate the process of event normalization in a SIEM. 4 2
11 Explain the concept of a correlation engine with an example. 4 2
12 What is a correlation engine? Explain pull-log and push-log collection. 4 2
13 Discuss parsing and normalization of logs. 4 2
BCB2304 CYBER SECURITY AND SIEM UNIT- V Question Bank
2-Mark Questions
[Link] Questions CO BTL
1 Define service relationships. 5 2
2 Write about value streams and processes. 5 2
3 Explain the principle ‘Focus on value’. 5 2
4 Explain the SVC activity ‘Design and transition’. 5 2
5 Explain service provision. 5 2
6 Define PESTLE. 5 2
7 Why do we need to ‘Engage’ as part of the service value chain? 5 2
6- and 10-Mark Questions
[Link] Questions CO BTL
1 Explain service relationships and management with the service relationship model. 5 2
2 Discuss the co-creation of value and the nature of value with the value model. 5 2
3 Explain the four dimensions model of IT service management. 5 2
4 Explain in detail the various components of the ITIL Service Value System (SVS). 5 2
5 Discuss the six service value chain activities. 5 2
6 Explain the seven ITIL guiding principles. 5 2
7 Explain the design and transition activity of the service value chain. 5 2
8 Discuss the steps to apply the principle “Start where you are”. 5 2
9 Discuss PESTLE factors with an example. 5 2
10 Explain service transition in detail. 5 2
11 Discuss service design: its principles, process and importance. 5 2