Q.1 Who is responsible for finding patterns in the security data ingested into Metron?
A. Forensic Investigator
B. SOC Investigator
C. Security Data Scientist
D. SOC Analyst
Ans : Security Data Scientist
Q.2 Apache Metron is built on top of _________.
A. Cisco Open Source Technologies
B. Apache Open Source Technologies
C. Multiple Cisco and Apache Technologies
D. Cisco Licensed Technologies
Ans : Cisco Open Source Technologies
Q.3 Apache Metron in Deployment is __________
A. replicated
B. distributed
C. can be either centralised or distributed
D. centralised
Ans : can be either centralised or distributed
Q.4 Which of the following is an Example of Threat Intel feeds in Metron?
A. DPI
B. Bro
C. Nifi
D. Soltra
Ans : Soltra
Q.5 Consider you are a store owner operating your own website for the people of your town. What is ideal for maintaining the security of the shopping platform on your site?
A. Traditional SIEM
B. Security is not needed
C. Metron
D. Either Metron or Traditional SIEM
Ans : Traditional SIEM
Q.6 Telemetry Data Ingestion is possible into Metron through ___________.
A. Apache Impala
B. Apache Kudu
C. Apache Storm
D. Apache Nifi
Ans : Apache Nifi
Q.7 Timestamp in Metron is parsed in ________.
A. Both POSIX and UTC
B. UTC format
C. POSIX format
D. None of the given options
Ans : POSIX format
Q.8 Machine Learning models can be adopted in Metron for ________.
A. Advanced Analytics
B. Threat Prediction
C. Anomaly Detection
D. all the given options
Ans : all the given options
Q.9 Metron Provides support for multiple types of data through its __________.
A. Intelligence Platform
B. Data Vault
C. Pluggable framework
D. all the given options
Ans : Pluggable framework
Q.10 Which of the following is NOT a component of parsing topology?
A. Storm kafka spout
B. kafka parser bolt
C. Storm parser spout
D. none of the options
E. all the given options
Ans : Storm parser spout
Q.11 Parallel Enrichment is available on Metron by default.
A. True
B. False
Ans : False
Q.12 What is the order of stages in the Stream Processing Pipeline? a) Threat Intel b) Telemetry Parsing c) Index and Write d) Alert Triage e) Enrichment
A. a, b, c, d, e
B. b, e, a, d, c
C. b, e, d, a, c
D. b, a, d, e, c
E. none of the given options
Ans : b, e, a, d, c
Q.13 In Telemetry Parsing Stage ________.
A. data normalization takes place
B. data validation takes place
C. data enrichment takes place
D. data transformation takes place
Ans : data normalization takes place
Q.14 Stellar Expressions can be used in telemetry parsing as part of ______.
A. data normalization
B. cannot be used in telemetry parsing
C. data validation
D. data transformation
E. all the given options
Ans : cannot be used in telemetry parsing
Q.15 Threat Intel Feeds can be __________.
A. streamed in real-time
B. normalised and de-duped
C. Bulk-loaded
D. all the given options
Ans : all the given options
Q.16 Client for MaaS is written in ___________.
A. Scala
B. Node.js
C. Python
D. Java
Ans : Java
Q.17 Profiler can be configured for entities like ________.
A. application
B. user
C. subnet
D. server
E. all the given options
Ans : all the given options
Q.18 Solr and ElasticSearch Indices are supported __________.
A. as they are cold storage indices
B. as they are kibana supported
C. as they are random access indices
D. all the given options
Ans : as they are kibana supported
Q.19 Which of the following statements regarding MetaalertDao is/are TRUE?
A. pagination of metaalerts is not possible
B. alerts are linked to metaalerts by id
C. It denormalizes the relation between alerts and metaalerts
D. none of the given options
Ans : It denormalizes the relation between alerts and metaalerts
Q.20 HDFS Index updates are supported in Metron.
A. No, Only Random Access Index updates are supported
B. Yes, Using a NoSQL write ahead log
C. Yes, Natively Supported
D. none of the given options
Ans : No, Only Random Access Index updates are supported
Q.21 Enrichment configuration can be stored on _________.
A. storm
B. Hbase
C. zookeeper
D. HDFS
Ans : zookeeper
Q.22 Data entering Metron can be validated ___________.
A. fully at the time of ingestion
B. partially at the time of ingestion
C. partially at time of enrichment
D. all the given options
Ans : partially at time of enrichment
Q.23 Threat Intel Store is based on ________.
A. Key – Value Pair
B. Graph DB
C. Columnar Table
D. Document DB
Ans : Key – Value Pair
Q.24 Select the Correct order of nested data in a JSON file which is processed in the pipeline.
A. threatIntel -> triageConfig -> enrichment
B. enrichment -> triageConfig -> threatIntel
C. enrichment -> threatIntel ->triageConfig
D. None of the options
Ans : enrichment -> threatIntel ->triageConfig
Q.25 UDFs are supported by Stellar.
A. True
B. False
Ans : True
Q.26 Which of the following statements regarding MetaalertDao is/are TRUE?
A. It is limited by parent-child relationships between alerts and metaalerts
B. It denormalizes the relation between alerts and metaalerts
C. alerts are linked to metaalerts by id
D. none of the given options
Ans : It is limited by parent-child relationships between alerts and metaalerts
Q.27 Apache Metron does NOT have a dependency on _______.
A. docker
B. python
C. ansible
D. vagrant
Ans : ansible
Q.28 Identify the Stellar Function which is NOT VALID.
A. IS_DOMIAN
B. IS_IP
C. IS_SUBNET
D. IS_EMAIL
Ans : IS_SUBNET
Q.29 When Machine Learning models are employed for threat intelligence what is considered to be an infrastructure challenge?
A. Type of adopted model
B. Model Implementation Language dependency
C. Implemented Model accuracy
D. all the given options
Ans : Type of adopted model
Q.30 Consider you are trying to parse telemetry of an application which uses a custom API. Its telemetry is highly complex and the data is generated at a rapid rate. What is an ideal parsing strategy for this scenario?
A. Write a Custom JVM parser while using Grok as stop gap
B. Write and use a Custom JVM parser
C. Modify a Grok Parser while using JVM parser as stop gap
D. Use in-built Grok Parser
Ans : Use in-built Grok Parser
Q.31 MaaS scaling can be done through ______.
A. YARN
B. Service Discovery
C. REST
D. Storm
Ans : REST
Q.32 Data to create a profiler is collected ________.
A. Over sliding windows
B. Over multiple windows
C. from different data sources
D. In time series way
Ans : Over multiple windows
Q.33 Zeppelin Interpreter does NOT support ________.
A. Python
B. JDBC
C. Node.js
D. Cassandra
Ans : Node.js
Q.34 Stellar is Integrated into Metron Components such as _________.
A. Enrichment and Indexing
B. Indexing and Threat Triage
C. Enrichment and Threat Triage
D. Global Validation and Threat Triage
E. Global Validation and Enrichment
Ans : Global Validation and Threat Triage
Q.35 Default Indexer of Metron is ____________.
A. HDFS
B. Hbase
C. Elastic Search
D. Solr
Ans : HDFS
Q.36 How does a Network Intrusion Detection System work?
A. Uses fixed rules to identify abnormal events
B. Tracks communication between actors of target network
C. Extracts application level request details
D. all the given options
Ans : Uses fixed rules to identify abnormal events
Q.37 DPI (Deep Packet Inspection) data is best extracted only for ____________.
A. DNS Protocol
B. REST Protocol
C. PCAP
D. Netflow protocol
Ans : Netflow protocol
Q.38 Pick out the Stellar Keyword among the following.
A. NaN
B. except
C. case
D. all the given options
Ans : NaN
Q.39 Metron, apart from in-built Geo Enrichment, supports ________.
A. Asset and User Enrichment
B. none of the given options
C. Asset and Network Enrichment
D. User and Network Enrichment
Ans : Asset and Network Enrichment
Q.40 Who among the following is considered to be an advanced SME w.r.t. the Apache Metron Platform?
A. SOC Investigator
B. Security Platform Ops Engineer
C. SOC Analyst
D. Forensic Investigator
Ans : Security Platform Ops Engineer