Beacon - Fundamentals of SOC (Security Operations Center) Assessment (02/10/20)

Which element is responsible for building alert profiles that identify the alerts to be forwarded for investigation?

Content Engineering

Which business objective is considered the roadmap that guides the organization?

Mission

Which pillar defines the step-by-step instructions and functions that will be carried out?

Processes

Which element is a security technology that detects malicious activity by identifying anomalous behavior indicative of attacks?

Behavioral Analysis

Which pillar defines the purpose of the Security Operations team to the business and how it will be managed?

Business

Which element of the Processes pillar is rooted in revisiting prior incidents?

Capability Improvement

Which element of the People pillar focuses on retaining staff members?

Career Path Progression

Which element is a collaborative toolset used to document, track, and notify the entire organization of security incidents?

Case Management

Which is not a top-three wish for Security Operations Engineers?
A. Reduce the number of alerts flowing into the SOC
B. Access tools to quickly investigate threats
C. Lessen the time required to contain a breach
D. Use previous incidents to prevent future attacks

D

Which element provides control for detecting and protecting servers, PCs, laptops, phones, and tablets from attacks such as exploits and malware?

Endpoint Security

Which team is responsible for understanding, developing, and maintaining both the physical and virtual network design?

Enterprise Architecture

Which element is an essential cybersecurity control to separate networks and enforce communication restrictions between networks?

Firewall

Which element provides investigative support if legal action is required?

Forensics and Telemetry

Which business objective dictates how to measure "performance" against the defined and socialized mission statement?

Governance

Which team would have work tickets to reimage machines, request system patching, or reject assets joining the network?

Help Desk

Which element is used to gather information required to determine the severity of an incident and builds the foundation for an investigation?

Initial Research

Which element of the Processes pillar is part of the Identification function?

Initial Research

Which element defines how the Security Operations team and surrounding teams will interact?

Interface Agreements

Which pillar defines the functions that need to happen to achieve the stated goals?

Interfaces

Which pillar identifies the scope of responsibilities and separation of duties?

Interfaces

Which feature can mitigate or block malicious behavior and is considered a proactive control?

Intrusion Prevention System (IPS)

In which of the four main core functions of security operations should a detailed analysis take place?

Investigation

How is SOAR different from SIEM?

It ingests alerts and drives them to response

Which element can reduce the number of unauthorized, unpatched, or compromised devices from connecting to the network?

Network Access Control

Which team is responsible for developing, implementing, and maintaining the network security policies?

Network Security

Which metric has skewed results that may cause analysts to "cherry-pick" incidents?

Number of incidents handled

How often should tabletop exercises be performed?

Once a quarter

Which element refers to technologies that enable organizations to collect inputs monitored by the Security Operations team?

SOAR

SIEM

Security Information and Event Management

SOAR

Security Orchestration, Automation, and Response

Which pillar requires maintaining an SME specialist?

Technology

Which team identifies potential risks to the organization that have not yet been observed in the network?

Threat Intelligence

Which element is a tool to assist organizations in aggregating, correlating, and analyzing threat data from multiple sources?

Threat Intelligence Platform

Which pillar enables you to anticipate, prepare, and react to changes in security operations?

Visibility

Which team is responsible for identifying and escalating vulnerabilities in an organization's assets, including hardware and software?

Vulnerability

Which technology or technique can be implemented to detect, deflect, and counteract malicious activities?

Honey Pot

Which business objective includes details about how the Security Operations organization will achieve its goals?

Planning

Which team is responsible for managing, monitoring, and responding to alerts that may impact the availability and performance of the IT infrastructure?

IT Operations

Which element is considered a safe place to simulate an end user's environment to test unknown applications?

Malware Sandbox

Which element protects HTTP applications from well-known HTTP exploits?

Web Application Firewall
