Module 2 - Fighters In The War Against Cybercrime Flashcards
Which personnel in a SOC is assigned the task of verifying whether an alert triggered by monitoring software represents a true security incident?
Tier 3 personnel
SOC Manager
Tier 2 personnel
Tier 1 personnel
Tier 1 personnel
After a security incident is verified in a SOC, an incident responder reviews the incident but cannot identify the source of the incident and form an effective mitigation procedure. To whom should the incident ticket be escalated?
an alert analyst for further analysis
the SOC manager to ask for other personnel to be assigned
a cyberoperations analyst for help
a SME for further investigation
a SME for further investigation
Which two services are provided by security operations centers? (Choose two.)
providing secure Internet connections
responding to data center physical break-ins
monitoring network security threats
managing comprehensive threat solutions
ensuring secure routing packet exchanges
monitoring network security threats
managing comprehensive threat solutions
What is Mean Time to Detect (MTTD)?
MTTD is the average time that it takes for the SOC personnel to identify that valid security incidents have occurred in the network
Which metric is used to measure the length of time that threat actors have access to a network before they are detected and their access is stopped?
MTTC
MTTR
Dwell Time
MTTD
Dwell Time
What is the role of SIEM?
to analyze all the network packets for any malware signatures and synchronize the signatures with the Federal Government databases
to analyze all the data that firewalls, network appliances, intrusion detection systems, and other devices generate and institute preventive measures
to analyze all the network packets for any malware signatures and update the vulnerabilities database
to analyze any OS vulnerabilities and apply security patches to secure the operating systems
to analyze all the data that firewalls, network appliances, intrusion detection systems, and other devices generate
What is a characteristic of the SOAR security platform?
to provide a user-friendly interface that uses the Python programming language to manage security threats
to provide a means to synchronize the vulnerabilities database
to interact with the Federal Government security sites and update all vulnerability platforms
to include predefined playbooks that enable automatic response to specific threats
to include predefined playbooks that enable automatic response to specific threats
A network security professional has applied for a Tier 2 position in a SOC. What is a typical job function that would be assigned to a new employee?
further investigating security incidents
monitoring incoming alerts and verifying that a true security incident has occurred
serving as the point of contact for a customer
hunting for potential security threats and implementing threat detection tools
further investigating security incidents
If a SOC has a goal of 99.99% uptime, how many minutes of downtime a year would be considered within its goal?
60.56
50.38
48.25
52.56
52.56
Which organization offers the vendor-neutral CySA+ certification?
(ISC)²
IEEE
CompTIA
GIAC
CompTIA
In the operation of a SOC, which system is frequently used to let an analyst select alerts from a pool to investigate?
syslog server
security alert knowledge-based system
registration system
ticketing system
ticketing system
How can a security information and event management system in a SOC be used to help personnel fight against security threats?
by collecting and filtering data
by authenticating users to network resources
by filtering network traffic
by encrypting communications to remote sites
by collecting and filtering data
Which three technologies should be included in a security information and event management system in a SOC? (Choose three.)
vulnerability tracking
security monitoring
VPN connection
firewall appliance
intrusion prevention
threat intelligence
threat intelligence
security monitoring
vulnerability tracking