Beacon - Fundamentals of SOC (Security Operations Center) Assessment (02/10/20)
Which element is responsible for building alert profiles that identify the alerts to be forwarded for investigation?
Content Engineering
Which business objective is considered the roadmap that guides the organization?
Mission
Which pillar defines the step-by-step instructions and functions that will be carried out?
Processes
Which element is a security technology that detects malicious activity by identifying anomalous behavior indicative of attacks?
Behavioral Analysis
Which pillar defines the purpose of the Security Operations team to the business and how it will be managed?
Business
Which element of the Processes pillar is rooted in revisiting prior incidents?
Capability Improvement
Which element of the People pillar focuses on retaining staff members?
Career Path Progression
Which element is a collaborative toolset used to document, track, and notify the entire organization of security incidents?
Case Management
Which is not a top-three wish for Security Operations Engineers? A. Reduce the number of alerts flowing into the SOC B. Access tools to quickly investigate threats C. Lessen the time required to take to contain a breach D. Use previous incidents to prevent future attacks
D
Which element provides control for detecting and protecting servers, PCs, laptops, phones, and tablets from attacks such as exploits and malware?
Endpoint Security
Which team is responsible for understanding, developing, and maintaining both the physical and virtual network design?
Enterprise Architecture
Which element is an essential cybersecurity control to separate networks and enforce communication restrictions between networks?
Firewall
Which element provides investigative support if legal action is required?
Forensics and Telemetry
Which business objective dictates how to measure "performance" against the defined and socialized mission statement?
Governance
Which team would have work tickets to reimage machines, request system patching, or reject assets joining the network?
Help Desk
Which element is used to gather information required to determine the severity of an incident and builds the foundation for an investigation?
Initial Research
Which element of the Processes pillar is part of the Identification function?
Initial Research
Which element defines how the Security Operations team and surrounding teams will interact?
Interface Agreements
Which pillar defines the functions that need to happen to achieve the stated goals?
Interfaces
Which pillar identifies the scope of responsibilities and separation of duties?
Interfaces
Which feature can mitigate or block malicious behavior and is considered a proactive control?
Intrusion Prevention System (IPS)
In which of the four main core functions of security operations should a detailed analysis take place?
Investigation
How is SOAR different from SIEM?
It ingests alerts and drives them to response
Which element can reduce the number of unauthorized, unpatched, or compromised devices from connecting to the network?
Network Access Control
Which team is responsible for developing, implementing, and maintaining the network security policies?
Network Security
Which metric has skewed results that may cause analysts to "cherry-pick" incidents?
Number of incidents handled
How often should tabletop exercises be performed?
Once a quarter
Which element refers to technologies that enable organizations to collect inputs monitored by the Security Operations team?
SOAR
SIEM
Security Information and Event Management
SOAR
Security Orchestration, Automation, and Response
Which pillar requires maintaining an SME specialist?
Technology
Which team identifies potential risks to the organization that have not yet been observed in the network?
Threat Intelligence
Which element is a tool to assist organizations in aggregating, correlating, and analyzing threat data from multiple sources?
Threat Intelligence Platform
Which pillar enables you to anticipate, prepare, and react to changes in security operations?
Visibility
Which team is responsible for identifying and escalating vulnerabilities in an organization's assets, including hardware and software?
Vulnerability
Which technology or technique can be implemented to detect, deflect, and counteract malicious activities?
Honey Pot
Which business objective includes details about how the Security Operations organization will achieve its goals?
Planning
Which team is responsible for managing, monitoring, and responding to alerts that may impact the availability and performance of the IT infrastructure?
IT Operations
Which element is considered a safe place to simulate an end user's environment to test unknown applications?
Malware Sandbox
Which element protects HTTP applications from well-known HTTP exploits?
Web Application Firewall