1. Which personnel in a SOC is assigned the task of verifying whether an alert triggered by monitoring software represents a true security incident?
- Tier 3 personnel
- SOC Manager
- Tier 2 personnel
- Tier 1 personnel
2. After a security incident is verified in a SOC, an incident responder reviews the incident but cannot identify the source of the incident and form an effective mitigation procedure. To whom should the incident ticket be escalated?
- an alert analyst for further analysis
- the SOC manager to ask for other personnel to be assigned
- a cyberoperations analyst for help
- a SME for further investigation
3. Which two services are provided by security operations centers? (Choose two.)
- providing secure Internet connections
- responding to data center physical break-ins
- monitoring network security threats
- managing comprehensive threat solutions
- ensuring secure routing packet exchanges
4. Which metric is used in SOCs to evaluate the average time that it takes to identify that valid security incidents have occurred in the network?
- Dwell Time
5. Which KPI metric does SOAR use to measure the length of time that threat actors have access to a network before they are detected and the access of the threat actors stopped?
- Dwell Time
6. What is the role of SIEM?
- to analyze all the network packets for any malware signatures and synchronize the signatures with the Federal Government databases
- to analyze all the data that firewalls, network appliances, intrusion detection systems, and other devices generate and institute preventive measures
- to analyze all the network packets for any malware signatures and update the vulnerabilities database
- to analyze any OS vulnerabilities and apply security patches to secure the operating systems
7. What is a characteristic of the SOAR security platform?
- to provide a user friendly interface that uses the Python programming language to manage security threats
- to provide a means to synchronize the vulnerabilities database
- to interact with the Federal Government security sites and update all vulnerability platforms
- to include predefined playbooks that enable automatic response to specific threats
8. A network security professional has applied for a Tier 2 position in a SOC. What is a typical job function that would be assigned to a new employee?
- further investigating security incidents
- monitoring incoming alerts and verifying that a true security incident has occurred
- serving as the point of contact for a customer
- hunting for potential security threats and implementing threat detection tools
9. If a SOC has a goal of 99.99% uptime, how many minutes of downtime a year would be considered within its goal?
10. Which organization offers the vendor-neutral CySA+ certification?
11. In the operation of a SOC, which system is frequently used to let an analyst select alerts from a pool to investigate?
- syslog server
- security alert knowledge-based system
- registration system
- ticketing system
12. How can a security information and event management system in a SOC be used to help personnel fight against security threats?
- by collecting and filtering data
- by authenticating users to network resources
- by filtering network traffic
- by encrypting communications to remote sites
13. Which three technologies should be included in a security information and event management system in a SOC? (Choose three.)
- vulnerability tracking
- security monitoring
- VPN connection
- firewall appliance
- intrusion prevention
- threat intelligence