Lecture 3 Flashcards

Security Operations and Technologies

1
Q

What is vulnerability scanning and why is it important in a SOC?

A

It assesses the network and endpoints for vulnerabilities that adversaries could exploit, helping to identify and manage risks.

2
Q

Name some preventive technologies used in a SOC.

A

Firewalls, proxies, VPNs, Network Access Control (NAC), and data encryption.

3
Q

What is a honeypot in cybersecurity?

A

A system designed to attract adversaries and malware, diverting their attention from valuable production systems.

4
Q

What are the key components of network segmentation?

A

Dedicated network equipment, VLANs, and Access Control Lists (ACLs).

5
Q

What factors are considered in disaster recovery planning for a SOC?

A

Business impact analysis, step-by-step disaster recovery plan, and regular testing and updating of the plan.

6
Q

What are some examples of preventive technologies?

A

Firewalls and proxies, reputation security, VPNs, Network Access Control (NAC), and data protection.

7
Q

How do detection technologies contribute to SOC defense?

A

They provide another layer of defense, validating whether preventive measures are effective and reducing the risk of exploitation.

8
Q

What is the purpose of baselines in detection technologies?

A

To establish normal behavior for systems and users, helping to detect deviations that may indicate threats.

9
Q

Why are honeypots used in SOC environments?

A

To attract and divert adversaries from valuable systems, providing insight into attack methods and behavior.

10
Q

What are the benefits of using a Security Information and Event Management (SIEM) solution?

A

It centralizes event logging and analysis, helping to identify and respond to security incidents effectively.

11
Q

What is NetFlow and how is it used in SOCs?

A

A network protocol that collects IP traffic information, used to detect threats based on device behavior and deviations from baselines.

12
Q

What are the key considerations for SOC capacity planning?

A

Physical and technical requirements, network throughput, and ensuring adequate resources and infrastructure.

13
Q

How does segmentation help in SOC network planning?

A

It isolates different parts of the network to enhance security and control over data flow.

14
Q

What is the role of redundancy in SOC planning?

A

To ensure that critical services and systems have backup options in case of failures, maintaining continuous operation.

15
Q

What should be included in a step-by-step disaster recovery plan for a SOC?

A

Locations of backup data, step-by-step instructions for recovery, and regular testing to ensure effectiveness.
