Categories: Splunk, Wiz, SentinelOne, Canary, AWS

Splunk 100

What does the dedup command do in Splunk searches?

What is removing duplicate events based on a field?

Wiz 100

What type of security platform is Wiz?

What is a cloud security posture management (CSPM) and CNAPP platform?

SentinelOne 100

What type of security solution is SentinelOne?

What is an endpoint detection and response (EDR) and extended detection and response (XDR) platform?

Canary 100

What is a Canary token?

What is a decoy file, URL, or credential that triggers an alert when accessed?

AWS 100

What AWS service provides centralized security findings across accounts?

What is AWS Security Hub?

Splunk 200

Where can you find dashboards within Splunk?

What is dashboards under the search dropdown?

Wiz 200

How does Wiz detect vulnerabilities in cloud workloads?

What is agentless scanning and deep configuration analysis?

SentinelOne 200

How does SentinelOne prevent ransomware attacks?

What is behavioral AI and rollback features?

Canary 200

What is the main purpose of a Canary device?

What is to act as a honeypot to detect intrusions?

AWS 200

How does AWS GuardDuty detect threats?

What is by analyzing VPC Flow Logs, DNS logs, and CloudTrail events using machine learning?

Splunk 300

What is the name of the main app we use in Splunk for triaging alerts?

What is Enterprise Security?

Wiz 300

What Wiz feature allows you to see lateral movement risks in a cloud environment?

What is the Security Graph?

SentinelOne 300

What is the difference between Storyline and Deep Visibility in SentinelOne?

What is Storyline links related events together, while Deep Visibility provides real-time forensic search?

Canary 300

How can Canary be used to detect credential theft?

What is by deploying Canary tokens in sensitive locations?

AWS 300

What is the difference between AWS IAM roles and IAM users?

What is roles provide temporary permissions, while users have long-term credentials?

Splunk 400

What index are AWS GuardDuty alerts found under?

What is aws_gd?

Wiz 400

How does Wiz handle misconfigured IAM roles that pose a security risk?

What is by detecting over-permissioned roles and flagging excessive privileges that could be abused for privilege escalation?

SentinelOne 400

What role does Singularity Ranger play in SentinelOne?

What is identifying unmanaged assets in a network?

Canary 400

How does a Canary device blend into an environment?

What is by mimicking legitimate assets such as servers or network devices?

AWS 400

How does AWS KMS protect encryption keys?

What is by using hardware security modules (HSMs) for key management and rotation?

Splunk 500

What is the primary purpose of the spath command in Splunk?

What is to extract fields from structured data formats like JSON and XML? It allows users to navigate hierarchical data using the path= argument and create new fields for easier searching and analysis.

Wiz 500

How can Wiz identify sensitive data exposure in S3 buckets?

What is by using Data Security Posture Management (DSPM) capabilities?

SentinelOne 500

How does SentinelOne detect and prevent fileless malware?

What is behavioral AI that detects execution patterns rather than signatures?

Canary 500

How does Canary handle false positives?

What is by allowing fine-tuning of alerts and providing context-aware notifications?

AWS 500

How can AWS Organizations help enforce security compliance across multiple accounts?

What is by applying Service Control Policies (SCPs) and centralized logging?
