Certified SOC Analyst

15問 • 4ヶ月前

問題一覧

In the context of a Security Operations Center (SOC), what command would you use to view all current network connections and listening ports on a system?

B. netstat -an

Which tool in a SOC environment is primarily used for aggregating and analyzing large volumes of log data to detect suspicious activities?

D. Splunk

Fill in the blank: A SOC analyst monitors _____ to detect and respond to incidents in real-time.

C. network traffic

An analyst at a SOC is investigating a security alert from an intrusion detection system. The alert could indicate a potential breach. What is the first step the analyst should take?

D. Verify the alert’s legitimacy by checking logs and system activities related to the alert.

During a routine check, a SOC analyst discovers an anomaly in outbound traffic that suggests data exfiltration. Which of the following steps should they take first?

D. Isolate the affected system to prevent further unauthorized data transfer.

What command is used in a SOC to trace the path data takes from the server to a specific IP address, crucial for analyzing potential security breaches?

A. traceroute 192.168.1.1

During an incident response, which documentation practice is critical for ensuring that the SOC team can review the incident lifecycle and improve future responses?

B. Maintaining a comprehensive incident report

Fill in the blank: In SOC operations, maintaining a(n) _____ log is crucial for tracking actions taken during incident handling.

C. change management

A SOC team receives an alert about possible unauthorized access to a server. What is the initial step they should follow according to standard SOC procedures?

D. Review the initial alert to verify its accuracy and gather context.

After resolving a security incident, what should a SOC analyst do first to enhance future readiness?

A. Conduct a post-incident review to identify response effectiveness and any needed improvements.

What command does a Tier I SOC analyst use to verify if a server is up and responding to network requests after receiving an alert?

C. ping 192.168.0.15

A Tier II SOC analyst suspects a phishing attempt. Which tool should they use to analyze the email header for originating IP address?

D. Email header analyzer

Fill in the blank: Tier I SOC analysts are primarily responsible for monitoring security alerts and initiating _____.

D. incident escalation

During a late-night shift, a Tier I SOC analyst notices unusual outbound traffic patterns from a critical server. What should be their first course of action?

B. Verify the authenticity of the traffic pattern with baseline comparisons.

A Tier II SOC analyst receives an escalation involving suspicious registry changes on a workstation. What is their first investigative step?

C. Review the change logs to confirm if the changes were authorized.

ＩＴパスポートパーフェクトラーニング過去問題集令和６年度第２部

O SHI · 50問 · 7日前

ＩＴパスポートパーフェクトラーニング過去問題集令和６年度第２部

50問 • 7日前

O SHI

ＩＴパスポートパーフェクトラーニング過去問題集令和６年度第１部

O SHI · 50問 · 7日前

ＩＴパスポートパーフェクトラーニング過去問題集令和６年度第１部

情報

情報

認定Platformアドミニストレーター問題集(TysonBlog_1)

myukyosh · 100問 · 27日前

認定Platformアドミニストレーター問題集(TysonBlog_1)

愛玩動物飼養管理士②

愛玩動物飼養管理士②

愛玩動物飼養管理士2級 2023 part1

ユーザ名非公開 · 100問 · 29日前

愛玩動物飼養管理士2級 2023 part1

100問 • 29日前

ユーザ名非公開

基本情報技術者試験

ユーザ名非公開 · 100問 · 1ヶ月前

基本情報技術者試験

1-01お客様の満足度を高める仕事①

1-01お客様の満足度を高める仕事①

3-5 セキュリティ

3-5 セキュリティ

セキュリティ

セキュリティ

過去問

過去問

オフィスセキュリティ1

オフィスセキュリティ1

なぜITを学ぶのか

smile smile · 11問 · 7ヶ月前

なぜITを学ぶのか

乙4

乙4

コンプティアセキュリティ

ユーザ名非公開 · 36回閲覧 · 100問 · 11ヶ月前

コンプティアセキュリティ

AWS-CLF直前対策問題０１～７０

AWS-CLF直前対策問題０１～７０

情報I

情報I

たま一郎

たま一郎

セキュリティⅠ

セキュリティⅠ

問題一覧

In the context of a Security Operations Center (SOC), what command would you use to view all current network connections and listening ports on a system?

B. netstat -an

Which tool in a SOC environment is primarily used for aggregating and analyzing large volumes of log data to detect suspicious activities?

D. Splunk

Fill in the blank: A SOC analyst monitors _____ to detect and respond to incidents in real-time.

C. network traffic

An analyst at a SOC is investigating a security alert from an intrusion detection system. The alert could indicate a potential breach. What is the first step the analyst should take?

D. Verify the alert’s legitimacy by checking logs and system activities related to the alert.

During a routine check, a SOC analyst discovers an anomaly in outbound traffic that suggests data exfiltration. Which of the following steps should they take first?

D. Isolate the affected system to prevent further unauthorized data transfer.

What command is used in a SOC to trace the path data takes from the server to a specific IP address, crucial for analyzing potential security breaches?

A. traceroute 192.168.1.1

During an incident response, which documentation practice is critical for ensuring that the SOC team can review the incident lifecycle and improve future responses?

B. Maintaining a comprehensive incident report

Fill in the blank: In SOC operations, maintaining a(n) _____ log is crucial for tracking actions taken during incident handling.

C. change management

A SOC team receives an alert about possible unauthorized access to a server. What is the initial step they should follow according to standard SOC procedures?

D. Review the initial alert to verify its accuracy and gather context.

After resolving a security incident, what should a SOC analyst do first to enhance future readiness?

A. Conduct a post-incident review to identify response effectiveness and any needed improvements.

What command does a Tier I SOC analyst use to verify if a server is up and responding to network requests after receiving an alert?

C. ping 192.168.0.15

A Tier II SOC analyst suspects a phishing attempt. Which tool should they use to analyze the email header for originating IP address?

D. Email header analyzer

Fill in the blank: Tier I SOC analysts are primarily responsible for monitoring security alerts and initiating _____.

D. incident escalation

During a late-night shift, a Tier I SOC analyst notices unusual outbound traffic patterns from a critical server. What should be their first course of action?

B. Verify the authenticity of the traffic pattern with baseline comparisons.

A Tier II SOC analyst receives an escalation involving suspicious registry changes on a workstation. What is their first investigative step?

C. Review the change logs to confirm if the changes were authorized.