1. What network monitoring tool can be used to copy packets moving through one port, and send those copies to another port for analysis?

The Cisco Switched Port Analyzer (SPAN) feature allows traffic that is coming into or out of a port to be copied to a different port so that it can be collected and analyzed.

2. What is the purpose of the Cisco NetFlow IOS technology?

NetFlow is a Cisco IOS technology that provides statistics on TCP/IP flows on the network. Some of the capabilities of NetFlow include the following: network and security monitoring, network planning, traffic analysis, identification of network bottlenecks, and IP accounting for billing purposes.

3. Which network technology uses a passive splitting device that forwards all traffic, including Layer 1 errors, to an analysis device?

A network tap is a common technology that is used to capture traffic for monitoring the network. The tap is typically a passive splitting device implemented inline on the network that forwards all traffic, including physical layer errors, to an analysis device.

4. Which network monitoring tool can provide a complete audit trail of basic information of all IP flows on a Cisco router and forward the data to a device?

NetFlow is a Cisco technology that provides statistics on packets flowing through a Cisco router or multilayer switch.

5. What is a monitoring tool used for capturing traffic statistics?

NetFlow is used by some businesses to monitor the network and capture traffic statistics to determine if the network is performing correctly.

6. Which capability is provided by the aggregation function in SIEM?

The aggregation function of SIEM reduces the volume of event data by consolidating duplicate event records.

7. What is an essential function of SIEM?

SIEM provides real-time reporting and analysis of security events. SIEM provides administrators with details on sources of suspicious activity such as user information, device location, and compliance with security policies.

8. Which SIEM function is associated with examining the logs and events of multiple systems to reduce the amount of time of detecting and reacting to security events?

SIEM provides administrators with details on sources of suspicious activity such as user information, device location, and compliance with security policies. One of the essential functions of SIEM is correlation of logs and events from different systems in order to speed the detection of and reaction to security events.

9. Which network monitoring capability is provided by using SPAN?

When enabled on a switch, SPAN, or port mirroring, copies frames that are sent and received by the switch and forwards them to another port, known as a Switch Port Analyzer port, which has an analysis device attached.

10. Which network tool uses artificial intelligence to detect incidents and aid in incident analysis and response?

SOAR works with SIEM systems, where the SIEM can detect malicious activity and SOAR helps to respond to the threat. SOAR has many functions and benefits, including these abilities:

- The use of predefined playbooks to enable automatic response to specific threats.
- The use of artificial intelligence to detect incidents and aid in incident analysis and response.

11. Which network monitoring tool allows an administrator to capture real-time network traffic and analyze the entire contents of packets?

Wireshark captures network traffic in real time. The capture enables the entire contents of the packets to be analyzed, including the frame, interface, packet information, and time stamps.

12. Which technology is an open source SIEM system?

There are many SIEM systems available to network administrators. The ELK suite is an open source option.