Which two statements are true regarding vulnerability assessments and threat hunting? (Choose two.) Threat hunting is an attempt to take advantage of the organization’s attack surface and breach a system,…
You work as a cybersecurity consultant for an organization that is building out its cybersecurity infrastructure. You have identified and implemented all critical elements, including firewalls, intrusion prevention systems, and…
Which three phases are associated with vulnerability testing? (Choose three.) asset discovery vulnerability assessment compromise system vulnerability remediation exploit vulnerability Explanation & Hint: The three phases associated with vulnerability testing…
You work for a small organization whose cybersecurity assets include a single firewall that is currently performing well. However, corporate policy dictates minimum resiliency for all cybersecurity elements. What is…
Which type of workflow is flow-based, progresses from one stage to the next, and does not step backward? sequential state machine rules-driven object-based process-based Explanation & Hint: The type of…
Which two functions are offered by a security WMS, but may not be offered by a SIEM? (Choose two.) workflow automation events correlation events normalization logs management playbook management Explanation…
What is a free and open transport mechanism that standardizes the automated exchange of cyber threat information? RESTful TAXII VERIS NetFlow TLP Explanation & Hint: A free and open transport…
Which two systems are typically integrated with the SOC WMS in order to improve the efficiency of SOC operations? (Choose two.) SIEM password management system ticketing system enterprise resource planning…
Which industry term describes security WMS vendors? SOAR SWMS SIEM CTI Explanation & Hint: The industry term that describes security Workflow Management System (WMS) vendors, which often encompasses the capabilities…
What is a typical task for the SOC Tier 1 analyst? Advise on what remediation is to be performed. Continuously monitor the alert queue. Perform forensics on the exploited endpoint.…
Which three processes and workflows often fall under the responsibilities of a SOC? (Choose three.) cybersecurity incident management threat intelligence and hunting governance and compliance management end-user passwords change management…
When implementing a SIEM solution, why is it important to have a good estimate of the rate of events per second that are coming into the SIEM and the historical…
Which statement about the dwell time is correct? It is the same as the time to detection. It is the same as the time to containment. It is the same…
Match the security control term to its definition. The security control did not detect actual malicious activity. ==> false negative The security control acted when it detected benign (nonmalicious) activity. ==> …
Who is responsible for finding the appropriate model to measure and report the effectiveness of the SOC to the organization? Tier 1 analyst CSO SOC manager senior analyst network manager…
Match the elements to create complete and accurate statements: uses advanced analytics to detect and investigate threats with great speed, accuracy, and focus ==> A SIEM can reduce the time…
Which two items affect the success of deploying a SIEM project? (Choose two.) form factor of a SIEM appliance engineering specifications of the SIEM business requirements SIEM vendor Explanation &…
Which security appliance acts like the glue between the various security controls in an organization to provide real-time reporting and analysis of security events? SIEM firewall IPS identity access and…
You identified the point of contact, or POC, within your organization that is the liaison to one or more external stakeholders. Why must the POC consult with the appropriate internal…
You work in the SOC of a U.S. federal agency where a data breach has just occurred. Multiple entities might need to be alerted, based on federal incident notification guidelines.…