Cyber OPS Quiz

Which two services are provided by security operations centers?

(Choose two.)

monitoring network security threats
responding to data center physical break-ins
providing secure Internet connections
managing comprehensive threat solutions
ensuring secure routing packet exchanges

Which personnel in a SOC is assigned the task of verifying whether an alert triggered by monitoring software represents a true security incident?

SOC Manager
Tier 1 personnel
Tier 2 personnel
Tier 3 personnel

Users report that a database file on the main server cannot be accessed. A database administrator verifies the issue and notices that the database file is now encrypted. The organization receives a threatening email demanding payment for the decryption of the database file. What type of attack has the organization experienced?

DoS attack
man-in-the-middle attack
ransomware
Trojan horse

Which transport layer feature is used to guarantee session establishment?

UDP ACK flag
TCP 3-way handshake
UDP sequence number
TCP port number

A user is curious about how someone might know a computer has been infected with malware. What are two common malware behaviors?

(Choose two.)

The computer beeps once during the boot process.
The computer emits a hissing sound every time the pencil sharpener is used.
The computer gets increasingly slower to respond.
No sound emits when an audio CD is played.
The computer freezes and requires reboots.

Which SIEM function is associated with speeding up detection of security threats by examining logs and events from different systems?

correlation
forensic analysis
aggregation
retention

Which capability is provided by the aggregation function in SIEM?

increasing speed of detection and reaction to security threats by examining logs from many systems and applications
presenting correlated and aggregated event data in real-time monitoring
searching logs and event records of multiple sources for more complete forensic analysis
reducing the volume of event data by consolidating duplicate event records

What three items are components of the CIA triad?

(Choose three.)

access
integrity
scalability
availability
confidentiality
intervention

Which statement describes the term iptables?

It is a DNS daemon in Linux.
It is a DHCP application in Windows.
It is a rule-based firewall application in Linux.
It is a file used by a DHCP server to store current active IP addresses

What is the tool that has alert records linked directly to the search functionality of the Enterprise Log Search and Archive (ELSA)?

Snort
Sguil
CapME
Wireshark

Quiz Summary

Information

Results

Results

Categories

1. Question

2. Question

3. Question

4. Question

5. Question

6. Question

7. Question

8. Question

9. Question

10. Question