Fundamentals of SOC
Which business objective dictates how to measure "performance" against the defined and socialized mission statement? Mission Governance Planning Budget
Governance
Question 34 of 38 Which team would have work tickets to reimage machines, request system patching, or reject assets joining the network? IT Operations DevOps Operational Technology Help Desk
Help Desk
Which element can reduce the number of unauthorized, unpatched, or compromised devices from connecting to the network? Virtual Private Network (VPN) DNS Sinkholing Network Access Control Identity and Access Management
Network Access Control
Which metric has skewed results that may cause analysts to "cherry-pick" incidents? Mean Time to Resolution (MTTR) Number of firewalls/rules deployed Number of feeds into SIEM Number of incidents handled
Number of incidents handled
Which feature can mitigate or block malicious behavior and is considered a proactive control? Intrusion Detection System (IDS) Intrusion Prevention System (IPS) DNS Sinkholing Behavioral Analysis
Intrusion Prevention System (IPS)
In which of the four main core functions of security operations should a detailed analysis take place? Identification Investigation Mitigation Continuous Improvement
Investigation
Which business objective includes details about how the Security Operations organization will achieve its goals? Mission Governance Planning Budget
Planning
Which pillar defines the step-by-step instructions and functions that will be carried out? Processes Interfaces People Business Visibility Technology
Processes
Which element refers to technologies that enable organizations to collect inputs monitored by the Security Operations team? SIEM Case Management Knowledge Management SOAR
SOAR
Which pillar requires maintaining an SME specialist? Processes Interfaces People Business Visibility Technology
Technology
Which team identifies potential risks to the organization that have not yet been observed in the network? Forensics and Telemetry Threat Hunting Threat Intelligence Red and Purple
Threat Intelligence
Which element is a security technology that detects malicious activity by identifying anomalous behavior indicative of attacks? Endpoint Security Intrusion Prevention and Detection Systems Behavioral Analysis Malware Sandboxing
Behavioral Analysis
Which pillar defines the purpose of the Security Operations team to the business and how it will be managed? Processes Interfaces Business Visibility Technology
Business
Which element of the Processes pillar is rooted in revisiting prior incidents? Tuning Process Improvement Capability Improvement Quality Review
Capability Improvement
Which element of the People pillar focuses on retaining staff members? Employee Utilization Training Career Path Progression Tabletop Exercises
Career Path Progression
Which element is a collaborative toolset used to document, track, and notify the entire organization of security incidents? Knowledge Management Case Management Asset Management Vulnerability Management Tools
Case Management
Which element is responsible for building alert profiles that identify the alerts to be forwarded for investigation? Threat Intelligence Content Engineering Forensics and Telemetry Business Liaison
Content Engineering
Which business objective is considered the roadmap that guides the organization? Mission Governance Planning Budget
Mission
Which element provides investigative support if legal action is required? Governance, Risk and Compliance Forensics and Telemetry Business Liaison Enterprise Architecture
Forensics and Telemetry
Which team is responsible for developing, implementing, and maintaining the network security policies? Vulnerability Network Security Operational Technology IT Operations
Network Security
Which element protects HTTP applications from well-known HTTP exploits? Malware Sandboxing Intrusion Prevention and Detection Web Application Firewall Web Proxy
Web Application Firewall
Which pillar enables you to anticipate, prepare, and react to changes in security operations? Processes Interfaces People Business Visibility Technology
Visibility
Which pillar defines the functions that need to happen to achieve the stated goals? Processes Interfaces People Business Visibility Technology
Interfaces
Which pillar identifies the scope of responsibilities and separation of duties? Processes Interfaces People Business Visibility Technology
Interfaces
Which element provides control for detecting and protecting servers, PCs, laptops, phones, and tablets from attacks such as exploits and malware? Malware Sandboxing Endpoint Security Mobile Device Management Firewall
Endpoint Security
Which team is responsible for understanding, developing, and maintaining both the physical and virtual network design? SOC Engineering Enterprise Architecture IT Operations Network Security
Enterprise Architecture
Which element is an essential cybersecurity control to separate networks and enforce communication restrictions between networks? Firewall Intrusion Prevention and Detection Web Application Firewall Web Proxy
Firewall
Which technology or technique can be implemented to detect, deflect, and counteract malicious activities? Firewall Endpoint Security Honey Pot DNS Sinkholing
Honey Pot
Which team is responsible for managing, monitoring, and responding to alerts that may impact the availability and performance of the IT infrastructure? Vulnerability Network Security Operational Technology IT Operations
IT Operations
Which element is used to gather information required to determine the severity of an incident and builds the foundation for an investigation? Severity Triage Initial Research Alerting Escalation Process
Initial Research
Which element of the Processes pillar is part of the Identification function? Detailed Analysis Process Improvement Initial Research Interface Agreements
Initial Research
Which element defines how the Security Operations team and surrounding teams will interact? Escalation Process Interface Agreements Change Control Quality Review
Interface Agreements
How is SOAR different from SIEM? It monitors various sources for machine data It provides real-time detection It ingests alerts and drives them to response It monitors alerts generated by applications and network hardware
It ingests alerts and drives them to response
Which element is considered a safe place to simulate an end user's environment to test unknown applications? Dedicated Workstation Malware Sandbox Honey Pot Virtual Private Network
Malware Sandbox
How often should tabletop exercises be performed? Once a month Once a quarter Once every 6 months Once a year
Once a quarter
Which element is a tool to assist organizations in aggregating, correlating, and analyzing threat data from multiple sources? Case Management Knowledge Management Threat Intelligence Platform Vulnerability Management Tools
Threat Intelligence Platform
Which is not a top-three wish for Security Operations Engineers? Reduce the number of alerts flowing into the SOC Access tools to quickly investigate threats Lessen the time required to take to contain a breach Use previous incidents to prevent future attacks
Use previous incidents to prevent future attacks
Which team is responsible for identifying and escalating vulnerabilities in an organization's assets, including hardware and software? Threat Intelligence Vulnerability Network Security Operational Technology
Vulnerability