Fundamentals of SOC

Ace your homework & exams now with Quizwiz!

Which business objective dictates how to measure "performance" against the defined and socialized mission statement? Mission Governance Planning Budget

Governance

Question 34 of 38 Which team would have work tickets to reimage machines, request system patching, or reject assets joining the network? IT Operations DevOps Operational Technology Help Desk

Help Desk

Which element can reduce the number of unauthorized, unpatched, or compromised devices from connecting to the network? Virtual Private Network (VPN) DNS Sinkholing Network Access Control Identity and Access Management

Network Access Control

Which metric has skewed results that may cause analysts to "cherry-pick" incidents? Mean Time to Resolution (MTTR) Number of firewalls/rules deployed Number of feeds into SIEM Number of incidents handled

Number of incidents handled

Which feature can mitigate or block malicious behavior and is considered a proactive control? Intrusion Detection System (IDS) Intrusion Prevention System (IPS) DNS Sinkholing Behavioral Analysis

Intrusion Prevention System (IPS)

In which of the four main core functions of security operations should a detailed analysis take place? Identification Investigation Mitigation Continuous Improvement

Investigation

Which business objective includes details about how the Security Operations organization will achieve its goals? Mission Governance Planning Budget

Planning

Which pillar defines the step-by-step instructions and functions that will be carried out? Processes Interfaces People Business Visibility Technology

Processes

Which element refers to technologies that enable organizations to collect inputs monitored by the Security Operations team? SIEM Case Management Knowledge Management SOAR

SOAR

Which pillar requires maintaining an SME specialist? Processes Interfaces People Business Visibility Technology

Technology

Which team identifies potential risks to the organization that have not yet been observed in the network? Forensics and Telemetry Threat Hunting Threat Intelligence Red and Purple

Threat Intelligence

Which element is a security technology that detects malicious activity by identifying anomalous behavior indicative of attacks? Endpoint Security Intrusion Prevention and Detection Systems Behavioral Analysis Malware Sandboxing

Behavioral Analysis

Which pillar defines the purpose of the Security Operations team to the business and how it will be managed? Processes Interfaces Business Visibility Technology

Business

Which element of the Processes pillar is rooted in revisiting prior incidents? Tuning Process Improvement Capability Improvement Quality Review

Capability Improvement

Which element of the People pillar focuses on retaining staff members? Employee Utilization Training Career Path Progression Tabletop Exercises

Career Path Progression

Which element is a collaborative toolset used to document, track, and notify the entire organization of security incidents? Knowledge Management Case Management Asset Management Vulnerability Management Tools

Case Management

Which element is responsible for building alert profiles that identify the alerts to be forwarded for investigation? Threat Intelligence Content Engineering Forensics and Telemetry Business Liaison

Content Engineering

Which business objective is considered the roadmap that guides the organization? Mission Governance Planning Budget

Mission

Which element provides investigative support if legal action is required? Governance, Risk and Compliance Forensics and Telemetry Business Liaison Enterprise Architecture

Forensics and Telemetry

Which team is responsible for developing, implementing, and maintaining the network security policies? Vulnerability Network Security Operational Technology IT Operations

Network Security

Which element protects HTTP applications from well-known HTTP exploits? Malware Sandboxing Intrusion Prevention and Detection Web Application Firewall Web Proxy

Web Application Firewall

Which pillar enables you to anticipate, prepare, and react to changes in security operations? Processes Interfaces People Business Visibility Technology

Visibility

Which pillar defines the functions that need to happen to achieve the stated goals? Processes Interfaces People Business Visibility Technology

Interfaces

Which pillar identifies the scope of responsibilities and separation of duties? Processes Interfaces People Business Visibility Technology

Interfaces

Which element provides control for detecting and protecting servers, PCs, laptops, phones, and tablets from attacks such as exploits and malware? Malware Sandboxing Endpoint Security Mobile Device Management Firewall

Endpoint Security

Which team is responsible for understanding, developing, and maintaining both the physical and virtual network design? SOC Engineering Enterprise Architecture IT Operations Network Security

Enterprise Architecture

Which element is an essential cybersecurity control to separate networks and enforce communication restrictions between networks? Firewall Intrusion Prevention and Detection Web Application Firewall Web Proxy

Firewall

Which technology or technique can be implemented to detect, deflect, and counteract malicious activities? Firewall Endpoint Security Honey Pot DNS Sinkholing

Honey Pot

Which team is responsible for managing, monitoring, and responding to alerts that may impact the availability and performance of the IT infrastructure? Vulnerability Network Security Operational Technology IT Operations

IT Operations

Which element is used to gather information required to determine the severity of an incident and builds the foundation for an investigation? Severity Triage Initial Research Alerting Escalation Process

Initial Research

Which element of the Processes pillar is part of the Identification function? Detailed Analysis Process Improvement Initial Research Interface Agreements

Initial Research

Which element defines how the Security Operations team and surrounding teams will interact? Escalation Process Interface Agreements Change Control Quality Review

Interface Agreements

How is SOAR different from SIEM? It monitors various sources for machine data It provides real-time detection It ingests alerts and drives them to response It monitors alerts generated by applications and network hardware

It ingests alerts and drives them to response

Which element is considered a safe place to simulate an end user's environment to test unknown applications? Dedicated Workstation Malware Sandbox Honey Pot Virtual Private Network

Malware Sandbox

How often should tabletop exercises be performed? Once a month Once a quarter Once every 6 months Once a year

Once a quarter

Which element is a tool to assist organizations in aggregating, correlating, and analyzing threat data from multiple sources? Case Management Knowledge Management Threat Intelligence Platform Vulnerability Management Tools

Threat Intelligence Platform

Which is not a top-three wish for Security Operations Engineers? Reduce the number of alerts flowing into the SOC Access tools to quickly investigate threats Lessen the time required to take to contain a breach Use previous incidents to prevent future attacks

Use previous incidents to prevent future attacks

Which team is responsible for identifying and escalating vulnerabilities in an organization's assets, including hardware and software? Threat Intelligence Vulnerability Network Security Operational Technology

Vulnerability


Related study sets

CH.45 Patients w/Special Challenges

View Set

3.3) Parts of the Nervous System

View Set

Chapter 24-28 Art History Review (Multiple Choice)

View Set

College Korean -- Lesson 4 -- Questions and Answers

View Set

Business Policy Final Connect Questions 7-12

View Set

Adult Health Chapter 14 Normal and Altered Immune Responses

View Set

ant112 - chap 3 - doing fieldwork & methods

View Set

Chapter 22; Hoffman & Sullivan (Coordinating Care for Pts with HIV)

View Set

Chapter 7: Motivation and Emotion

View Set