Which two functions are offered by a security WMS, but may not be offered by a SIEM? (Choose two.) workflow automation events correlation events normalization logs management playbook management Explanation…
What is a free and open transport mechanism that standardizes the automated exchange of cyber threat information? RESTful TAXII VERIS NetFlow TLP Explanation & Hint: A free and open transport…
Which two systems are typically integrated with the SOC WMS in order to improve the efficiency of SOC operations? (Choose two.) SIEM password management system ticketing system enterprise resource planning…
Which industry term describes security WMS vendors? SOAR SWMS SIEM CTI Explanation & Hint: The industry term that describes security Workflow Management System (WMS) vendors, which often encompasses the capabilities…
What is a typical task for the SOC Tier 1 analyst? Advise on what remediation is to be performed. Continuously monitor the alert queue. Perform forensics on the exploited endpoint.…
Which three processes and workflows often fall under the responsibilities of a SOC? (Choose three.) cybersecurity incident management threat intelligence and hunting governance and compliance management end-user passwords change management…
When implementing a SIEM solution, why is it important to have a good estimate of the rate of events per second that are coming into the SIEM and the historical…
Which statement about the dwell time is correct? It is the same as the time to detection. It is the same as the time to containment. It is the same…
Match the security control term to its definition. The security control did not detect actual malicious activity. ==> false negative The security control acted when it detected benign (nonmalicious) activity. ==> …
Who is responsible for finding the appropriate model to measure and report the effectiveness of the SOC to the organization? Tier 1 analyst CSO SOC manager senior analyst network manager…
Match the elements to create complete and accurate statements: uses advanced analytics to detect and investigate threats with great speed, accuracy, and focus ==> A SIEM can reduce the time…
Which two items affect the success of deploying a SIEM project? (Choose two.) form factor of a SIEM appliance engineering specifications of the SIEM business requirements SIEM vendor Explanation &…
Which security appliance acts like the glue between the various security controls in an organization to provide real-time reporting and analysis of security events? SIEM firewall IPS identity access and…
You identified the point of contact, or POC, within your organization that is the liaison to one or more external stakeholders. Why must the POC consult with the appropriate internal…
You work in the SOC of a U.S. federal agency where a data breach has just occurred. Multiple entities might need to be alerted, based on federal incident notification guidelines.…
Which internal stakeholder will the SOC team work with to maintain the organization’s security posture of its intellectual property? network operations center human resources governance, risk, and compliance media Explanation…
US-CERT is a large scale, incident reporting agency that provides up-to-date information about high-impact security incidents affecting the critical infrastructure of the United States. Federal, state, and local government agencies…
You are a SOC analyst, and your supervisor has asked you to investigate suspicious activity. The team's threat hunter discovered this activity on a server that stores personal identity information…
You work in an organization’s SOC as a threat hunter. A new day-zero attack is “in the wild” and is now compromising systems on the internet beyond the research labs.…
You work in a SOC, and your organization has just suffered a data breach. Which internal stakeholder will provide guidance on the interpretation of laws and regulations during forensic procedures?…