CyberOps Module 1: The Danger Quiz and Module 2: The Modern Security Operations Center

What is a characteristic of the SOAR security platform? a. To include predefined playbooks that enable automatic response to specific threats b. To provide a user friendly interface that uses the Python programming language to manage security threats c. To provide a means to synchronize the vulnerabilities database d. To interact with the Federal Government security sites and update all vulnerability platforms

a

What is the best definition of personally identifiable information (PII)? a. Data that is collected by businesses to distinguish identities of individuals. b. Data that is collected by businesses to track to digital behavior of consumers. c. Data that is collected from servers and websites for anonymous browsing. d. Data that is collected from servers and web browsers using cookies in order to track a consumer.

a

What was used as a cyberwarfare weapon to attack a uranium enrichment facility in Iran? a. Stuxnet b. SQL injection c. PSYOPS d. DDoS

a

Which device integrates security information and event management into a single platform? a. SIEM b. SOAR c. Threat Hunter

a

Which personnel in a SOC is assigned the task of verifying whether an alert triggered by monitoring software represents a true security incident? a. Tier 1 personnel b. SOC Manager c. Tier 2 personnel Tier 3 personnel

a

Which three technologies should be included in a security information and event management system in a SOC? (Choose three) a. Vulnerability tracking b. VPN connection c. Firewall appliance d. Threat intelligence e. Intrusion prevention f. Security monitoring

a, d, f

A network security professional has applied for a Tier 2 position in a SOC. What is a typical job function that would be assigned to a new employee? a. Hunting for potential security threats and implementing threat detection tools b. Further investigating security incidents c. Monitoring incoming alerts and verifying that a true security incident has occurred d. Serving as the point of contact for a customer

b

After a security incident is verified in a SOC, an incident responder reviews the incident but cannot identify the source of the incident and form an effective mitigation procedure. To whom should the incident ticket be escalated? a. The SOC manager to ask for other personnel to be assigned b. A SME for further investigation c. An alert analyst for further analysis d. A cyberoperations analyst for help

b

What is cyberwarfare? a. It is an attack that only involves robots and bots. b. It is an attack designed to disrupt, corrupt, or exploit national interests. c. It is an attack only on military targets. d. It is an attack on a major corporation.

b

What type of malware has the primary objective of spreading across the network? a. Virus b. Worm c. Trojan horse d. Botnet

b

Which KPI metric does SOAR use to measure the length of time that threat actors have access to a network before they are detected and the access of the threat actors stopped? a. MTTR b. Dwell Time c. MTTD d. MTTC

b

Which SOC job role manages all the resources of the SOC and serves as a point of contact for the larger organization or customer? a. SME/Threat Hunter b. SOC Manager c. Cybersecurity Analyst d. Incident Responder

b

Which device integrates orchestration tools and resources to automatically respond to security events? a. SIEM b. SOAR c. Threat Hunter

b

Which metric is used in SOCs to evaluate the average time that it takes to identify that valid security incidents have occurred in the network? a. MTTC b. MTTD c. MTTR d. Dwell Time

b

An attacker sends a piece of malware as an email attachment to employees in a company. What is one probable purpose of the attack? a. Denying external access to a web server that is open to the public b. Cracking the administrator password for a critical server c. Searching and obtaining trade secrets d. Probing open ports on the firewall on the border network

c

In the operation of a SOC, which system is frequently used to let an analyst select alerts from a pool to investigate? a. Registration system b. Security alert knowledge-based system c. Ticketing system d. Syslog server

c

What commonly motivates cybercriminals to attack networks as compared to hacktivists or state sponsored hackers? a. Fame seeking b. Status among peers c. Financial gain d. Political reasons

c

What is a botnet? a. A group of web servers that provide load balancing and fault tolerance b. An online video game intended for multiple players c. A network of infected computers that are controlled as a group d. A network that allows users to bring their own technology

c

What is a potential risk when using a free and open wireless hotspot in a public location? a. The Internet connection can become too slow when many users access the wireless hotspot. b. Purchase of products from vendors might be required in exchange for the Internet access. c. Network traffic might be hijacked and information stolen.

c

What is a rogue wireless hotspot? a. It is a hotspot that does not encrypt network user traffic. b. It is a hotspot that was set up with outdated devices. c. It is a hotspot that appears to be from a legitimate business but was actually set up by someone without the permission from the business.

c

What is the role of SIEM? a. To analyze any OS vulnerabilities and apply security patches to secure the operating systems b. To analyze all the network packets for any malware signatures and update the vulnerabilities database c. To analyze all the data that firewalls, network appliances, intrusion detection systems, and other devices generate and institute preventive measures d. To analyze all the network packets for any malware signatures and synchronize the signatures with the Federal Government databases

c

Which SOC job role processes security alerts and forwards tickets to Tier 2 if necessary? a. SME/Threat Hunter b. SOC Manager c. Cybersecurity Analyst d. Incident Responder

c

Which organization offers the vendor-neutral CySA+ certification? a. (ISC)2 b. GIAC c. CompTIA d. IEEE

c

A company pays a significant sum of money to hackers in order to regain control of an email and data server. Which type of security attack was used by the hackers? a. trojan horse b. spyware c. DoS d. ransomware

d

At the request of investors, a company is proceeding with cyber attribution with a particular attack that was conducted from an external source. Which security term is used to describe the person or device responsible for the attack? a. Fragmenter b. Skeleton c. Tunneler d. Threat actor

d

How can a security information and event management system in a SOC be used to help personnel fight against security threats? a. By filtering network traffic b. By encrypting communications to remote sites c. By authenticating users to network resources d. By collecting and filtering data

d

If a SOC has a goal of 99.99% uptime, how many minutes of downtime a year would be considered within its goal? a. 50.38 b. 48.25 c. 60.56 d. 52.56

d

What name is given to an amateur hacker? a. Blue team b. Red hat c. Black hat d. Script kiddie

d

Which SOC job role is responsible for deep investigation of incidents? a. SME/Threat Hunter b. SOC Manager c. Cybersecurity Analyst d. Incident Responder

d

Which two services are provided by security operations centers? (choose two) a. Providing secure Internet connections b. Ensuring secure routing packet exchanges c. Responding to data center physical break-ins d. Managing comprehensive threat solutions e. Monitoring network security threats

d, e