1.2 Defining the Security Operations Center

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

Types of Security Operations Centers Which two statements are true regarding a threat-centric SOC? (Choose two.)

A threat-centric SOC proactively hunts for malicious threats on networks. A threat-centric SOC focuses on addressing security across the entire attack continuum—before, during, and after an attack.

Types of Security Operations Centers Which two statements are true regarding an operational-based SOC? (Choose two.)

An operational-based SOC is an internally focused organization that monitors the security posture of an organization's internal network. An operational-based SOC is focused on the administration of firewall ACL rules, and so on.

Roles in a Security Operations Center Match the responsibilities of a security analyst to their tier2:

performs deep-dive incident analysis by correlating data from various sources, determines if a critical system or data set has been impacted; advises on remediation; provides support for new analytic methods for detecting threats

Roles in a Security Operations Center Match the responsibilities of a security analyst to their tier3:

possesses in-depth technical knowledge on the network, endpoint, threat intelligence, forensics and malware reverse engineering, as well as the functioning of specific applications or underlying IT infrastructure; acts as an incident "hunter," not waiting for escalated incidents; closely involved in developing, tuning, and implementing threat detection analytics

Types of Security Operations Centers Which two statements are true regarding a compliance-based SOC? (Choose two.)

A compliance-based SOC focuses on comparing the posture of network systems to reference configuration templates or standard system builds. A compliance-based SOC focuses on detecting unauthorized changes and existing configuration problems that could lead to a possible security breach.

Data Analytics Which statement is true regarding data analytics?

Data analytics is the science of examining and deciphering raw data with the purpose of drawing conclusions from it.

Data Analytics Which statement is true regarding dynamic analysis?

Dynamic analysis is the testing and evaluation of a program by executing the data in real time.

SOC Analyst Tools Which Security Onion component is used to query log data from the different sources?

ELSA

Data Analytics In log mining, which statement is true about sequencing?

Sequencing is the reconstruction or the following of the network traffic flow.

SOC Analyst Tools Which two of the following tools in Security Onion could be used for intrusion detection? (Choose two.)

Snort Suricata

Sufficient Staffing Necessary for an Effective Incident Response Team Which two statements are most correct about the SOC analyst job role? (Choose two.)

The SOC analyst job role heavily involves the use of the SIEM. The exact job role of the SOC analyst will vary among different organizations.

Sufficient Staffing Necessary for an Effective Incident Response Team Which job role in a SOC would most likely perform the initial triage of alerts that are received from SIEM?

Tier 1 security analys

Roles in a Security Operations Center Match the responsibilities of a security analyst to their tier 1:

continuously monitors the alert queue; triages security alerts; monitors health of security sensors and endpoints; collects data and context

Roles in a Security Operations Center Which two basic skills must Tier 1 security analysts possess to be effective at their jobs? (Select two.)

device configuration traffic capture

Develop Key Relationships with External Resources What are three typical requirements for a SOC? (Choose three.)

effective NSM tools security analysts with comprehensive technical backgrounds effective processes to support the SOC operations

Hybrid Installations: Automated Reports, Anomaly Alerts Which type of event should an analyst spend the least amount of time investigating?

false positive alerts

Hybrid Installations: Automated Reports, Anomaly Alerts Match the term to its correct explanation.

for tasks that are repetitive = SOC automation should not require a security analyst to intervene = false positive alerts can be volume- or feature-based = anomaly detection


Kaugnay na mga set ng pag-aaral

Exam AI-100: Designing and Implementing an Azure AI Solution

View Set

Algebra 2 B- Lesson 3: Rational Functions and Their Graphs

View Set

Fundamentals Success: Diversity & Spirituality

View Set

Mastering A&P: Chapter 11.1A-11.3A

View Set

GEO 1264 Final Unit Exam Study Guide

View Set

Money and Banking Chapter 9: Derivatives: Futures, Options, and Swaps

View Set

Ch 8 Security + 6th Edition End of Chapter Questions

View Set

Ch.57: Drugs Affecting GI secretions

View Set