What is the first phase in the incident response life cycle? identification containment preparation reporting Explanation & Hint: The first phase in the incident response life cycle is Preparation. This…
You work as a security analyst in a SOC and want to know if information about your organization’s network devices is available through open-source intelligence searches on the internet. Which…
What is a primary source for open-source intelligence? technical journals academic publications internet industry seminars Explanation & Hint: A primary source for open-source intelligence (OSINT) is the Internet. The Internet…
You are a CIO of an organization that is analyzing cyber threat intelligence information to determine current threat trends to discover if your industry vertical may be impacted. Which type…
You work in an incident response team as a threat hunter and are analyzing cyber threat intelligence to obtain more information on tactics, techniques, and procedures that potential adversaries use.…
Which two of the following statements about IOAs are true? (Choose two.) IOAs do not point to an attack that already happened; they point to an attack that might be…
What are the two general types of SOC reports? (Choose two.) management report progress report operational report executive report Explanation & Hint: The two general types of SOC (Security Operations…
What are two common alert dispositions? (Choose two.) true positive false positive malware clean undetected Explanation & Hint: Two common alert dispositions in the context of security operations are: True…
What can Tier 1 SOC analysts do to avoid potential errors due to inaccuracies in reconstructing the investigation activities? Escalate the investigation to a tier 2 SOC analyst for verification.…
An incident report typically starts with which section? Executive Summary Technical Summary Investigation Details Comments Supportive Documents Explanation & Hint: An incident report typically starts with an Executive Summary. This…
Which four of the following should be included along with each reported investigation action? (Choose four.) timestamp label for the data relevant data rationale recommendation external references Explanation & Hint:…
What is a common type of SOC performance metric? time-based threat-based attack-based alert-based Explanation & Hint: A common type of SOC (Security Operations Center) performance metric is time-based. This includes…
A threat investigation report is an example of which type of SOC report? management report progress report operational report executive report technical report Explanation & Hint: A threat investigation report…
Which statement is correct about case closing notes? They should include all the details about each discovered artifact related to the incident. They should support the analyst’s verdict. They should…
Which two security solutions or tools typically include built-in robust reporting and dashboards functionalities? (Choose two.) SIEM XDR antivirus firewall IPS Explanation & Hint: The two security solutions or tools…
What is commonly used by a SOC to engage the IR team as soon as possible? incident report initial notification case report progress report dashboard alert Explanation & Hint: To…
The alert verdict and the closing notes are usually also visible to the external stakeholders as part of which one of these? SOC Periodic Performance Operations Report SOC Dashboard SOC…
What is the time to investigate (TTI)? The time it takes to determine if an alert is a true positive or false positive The time it takes a security analyst…
In an organization, who typically develops the plays in the playbook? a team of SOC security analysts a team of SOC managers a team of incident response handlers a team…
Referring to the play that is shown here, which section contains the data query that the analyst runs to generate the desired report? objective working action analysis reference Explanation &…