Certified SOC Analyst v1.0

Page:    1 / 7   
Exam contains 103 questions
Expand All

Which of the following security technology is used to attract and trap people who attempt unauthorized or illicit utilization of the host system?

  • A. De-Militarized Zone (DMZ)
  • B. Firewall
  • C. Honeypot
  • D. Intrusion Detection System


Answer : C

Reference: https://www.kaspersky.com/resource-center/threats/what-is-a-honeypot

Identify the event severity level in Windows logs for the events that are not necessarily significant, but may indicate a possible future problem.

  • A. Failure Audit
  • B. Warning
  • C. Error
  • D. Information


Answer : B

Reference: https://docs.microsoft.com/en-us/windows/win32/eventlog/event-types

Which of the following factors determine the choice of SIEM architecture?

  • A. SMTP Configuration
  • B. DHCP Configuration
  • C. DNS Configuration
  • D. Network Topology


Answer : C

What does HTTPS Status code 403 represents?

  • A. Unauthorized Error
  • B. Not Found Error
  • C. Internal Server Error
  • D. Forbidden Error


Answer : D

Reference: https://en.wikipedia.org/wiki/HTTP_403

Which of the following Windows event is logged every time when a user tries to access the "Registry" key?

  • A. 4656
  • B. 4663
  • C. 4660
  • D. 4657


Answer : D

Reference: https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4657

Which of the following are the responsibilities of SIEM Agents?
1. Collecting data received from various devices sending data to SIEM before forwarding it to the central engine.
2. Normalizing data received from various devices sending data to SIEM before forwarding it to the central engine.
3. Co-relating data received from various devices sending data to SIEM before forwarding it to the central engine.
4. Visualizing data received from various devices sending data to SIEM before forwarding it to the central engine.

  • A. 1 and 2
  • B. 2 and 3
  • C. 1 and 4
  • D. 3 and 1


Answer : C

Sam, a security analyst with INFOSOL INC., while monitoring and analyzing IIS logs, detected an event matching regex /\\w*((\%27)|(\’))((\%6F)|o|(\%4F))((\%72)|r|(\%52))/ix.
What does this event log indicate?

  • A. SQL Injection Attack
  • B. Parameter Tampering Attack
  • C. XSS Attack
  • D. Directory Traversal Attack


Answer : A

Reference: https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=001f5e09-88b4-4a9a-b310-4c20578eecf9&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments

Which of the following framework describes the essential characteristics of an organization's security engineering process that must exist to ensure good security engineering?

  • A. COBIT
  • B. ITIL
  • C. SSE-CMM
  • D. SOC-CMM


Answer : C

Reference: https://www.iso.org/standard/44716.html

What does Windows event ID 4740 indicate?

  • A. A user account was locked out.
  • B. A user account was disabled.
  • C. A user account was enabled.
  • D. A user account was created.


Answer : A

Reference: https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4740#:~:text=For%204740(S)%3A%20A,Security%20ID”%20is%20not%20SYSTEM.

Which of the following is a Threat Intelligence Platform?

  • A. SolarWinds MS
  • B. TC Complete
  • C. Keepnote
  • D. Apility.io


Answer : A

Reference: https://www.esecurityplanet.com/products/threat-intelligence-platforms/

A type of threat intelligent that find out the information about the attacker by misleading them is known as __________.

  • A. Threat trending Intelligence
  • B. Detection Threat Intelligence
  • C. Operational Intelligence
  • D. Counter Intelligence


Answer : C

Reference: https://www.recordedfuture.com/threat-intelligence/

Chloe, a SOC analyst with Jake Tech, is checking Linux systems logs. She is investigating files at /var/log/wtmp.
What Chloe is looking at?

  • A. Error log
  • B. System boot log
  • C. General message and system-related stuff
  • D. Login records


Answer : D

Reference: https://stackify.com/linux-logs/

Which of the following threat intelligence is used by a SIEM for supplying the analysts with context and "situational awareness" by using threat actor TTPs, malware campaigns, tools used by threat actors.
1. Strategic threat intelligence
2. Tactical threat intelligence
3. Operational threat intelligence
4. Technical threat intelligence

  • A. 2 and 3
  • B. 1 and 3
  • C. 3 and 4
  • D. 1 and 2


Answer : A

Reference: https://hodigital.blog.gov.uk/wp-content/uploads/sites/161/2020/03/Cyber-Threat-Intelligence-A-Guide-For-Decision-Makers-and-Analysts-v2.0.pdf (38)

Properly applied cyber threat intelligence to the SOC team help them in discovering TTPs.
What does these TTPs refer to?

  • A. Tactics, Techniques, and Procedures
  • B. Tactics, Threats, and Procedures
  • C. Targets, Threats, and Process
  • D. Tactics, Targets, and Process


Answer : A

Reference: https://www.crest-approved.org/wp-content/uploads/CREST-Cyber-Threat-Intelligence.pdf

Which of the following data source can be used to detect the traffic associated with Bad Bot User-Agents?

  • A. Windows Event Log
  • B. Web Server Logs
  • C. Router Logs
  • D. Switch Logs


Answer : B

Page:    1 / 7   
Exam contains 103 questions
Expand All

Talk to us!

Have any questions or issues ? Please dont hesitate to contact us

[email protected]

Certlibrary.com is owned by MBS Tech Limited: Room 1905 Nam Wo Hong Building, 148 Wing Lok Street, Sheung Wan, Hong Kong. Company registration number: 2310926
Certlibrary doesn't offer Real Microsoft Exam Questions. Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Terms & Conditions | Privacy Policy