Security Analytics With Apache Metron

The document consists of a series of questions and answers related to Apache Metron, covering topics such as data processing, threat intelligence, and system components. Key points include the use of ElasticSearch, the role of Soltra as a threat intel feed aggregator, and the importance of data normalization in telemetry parsing. Additionally, it addresses various configurations, validation processes, and the integration of Stellar into Metron components.

Uploaded by Jigar Desai

1. ElasticSearch uses
Ans: all the options

2. Hail a TAXII is _________
Ans: None of the options*(Soltra Plug-in)

3. Threat Intel Feeds can be __________
Ans: All the options

4. Select the correct order of nested data in a JSON file which is processed in the pipeline
Ans: enrichment -> threatIntel -> triageConfig $

5. Which of the following statements regarding MetaalertDao is/are TRUE
Ans: It denormalizes the relation between alerts and metaalerts$

6. Profiler can be configured for entities like
Ans: All the given options

7. Enrichment configuration can be stored on _________
Ans: Zookeeper$

9. What are the feeds in Metron?
Ans: All the options*

10. Which of the following is NOT a component of parsing topology?
Ans: Storm parser spout $

11. In Telemetry Parsing Stage ________
Ans: data normalization takes place

12. Soltra is a
Ans: threat intel feed aggregator or threat intel feed loader*

13. Zeppelin Interpreter does NOT support
Ans: node.js

14. Pick out the Stellar keyword among the following.
Ans: naN

15. Data to create a profiler is collected
Ans: Over multiple windows

16. UDFs are supported by Stellar
Ans: True

17. Consider you are trying to parse telemetry of an application which uses a custom API. Its telemetry is highly complex and the data is generated at a rapid rate. What is an ideal parsing strategy for the scenario?
Ans: Use in-built Grok Parser

18. Stellar is integrated into Metron components such as _________
Ans: Global Validation and Threat Triage

19. When Machine Learning models are employed for threat intelligence, what is considered to be an infrastructure challenge?
Ans: Type of adopted model

20. Apache Metron does NOT have a dependency on _______
Ans: ansible

21. Timestamp in Metron is parsed in ________
Ans: POSIX $

22. Who among the following is considered to be an advanced SME w.r.t. the Apache Metron Platform _____________
Ans: Security Platform Ops Engineer

23. HDFS Index updates are supported in Metron.
Ans: No, Only Random Access Index updates are supported

24. MaaS scaling can be done through ______
Ans: REST

25. How does a Network Intrusion Detection System work?
Ans: All the given options*(none of the given options)

26. Data entering Metron can be validated ___________
Ans: partially at time of enrichment

27. Threat Intel Store is based on
Ans: Key-Value Pair

28. What happens when a specific number of entries are not populated in the batchTimeout specified?
Ans: Entries are cached for next batch*(entries are flushed out)

29. Risk Level is determined through
Ans: riskLevelRules

30. Identify the Stellar function which is NOT VALID
Ans: IS_SUBNET

31. Consider you are a store owner operating your own website for the people of your town. What can be ideal for maintaining security of the shopping platform on your site?
Ans: Traditional SIEM

32. DPI (Deep Packet Inspection) data is best to be extracted only for ____________
Ans: Netflow protocol

33. Default Indexer of Metron is ____________
Ans: HDFS

34. Metron, apart from in-built Geo Enrichment, supports
Ans: User and Network Enrichment

35. Apache Metron in deployment is __________
Ans: Centralised*