Csa Important Question

Uploaded by sethu.satheesh

1. The process of verifying the integrity and origin of a message using a unique code generated by a hash function is called
Digital signature (the sender signs a hash of the message with a private key; when the code is produced with a shared secret key instead, it is a message authentication code, see Q57)

2. Public key cryptography uses the same key for both encryption and decryption.
False (the public key encrypts, and only the matching private key decrypts)
3. You want to monitor network traffic, analyze performance and diagnose issues. Which tool or protocol can provide detailed insights into network activity?
SNMP

4. John, a SOC analyst, wants to monitor process creation activity on any of their Windows endpoints. Which of the following Splunk queries will fetch the logs associated with process creation?
index=windows LogName=Security EventCode=4688 NOT (Account_Name=*$) ......
(Event ID 4688 is "A new process has been created"; the NOT clause drops computer accounts, whose names end in "$", so only processes started by user accounts remain)
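The filter from Q4 reproduced in Python over a handful of constructed Windows Security events, so the effect of `EventCode=4688 NOT (Account_Name=*$)` can be checked offline. This is an added example, not part of the original question bank; the events, hostnames, users and paths are invented, and the field names follow the Splunk Add-on for Windows convention.

```python
# Added example (not part of the original question bank): the Splunk filter
# from Q4 reproduced in Python over constructed Windows Security events, so the
# effect of "EventCode=4688 NOT Account_Name=*$" can be checked offline.
import fnmatch

# Constructed sample events. Field names follow the Splunk Add-on for Windows;
# the hostnames, users and paths are invented for the example.
SAMPLE_EVENTS = [
    {"EventCode": 4688, "Account_Name": "alice", "host": "WS01",
     "New_Process_Name": r"C:\Windows\System32\cmd.exe"},
    {"EventCode": 4688, "Account_Name": "WS01$", "host": "WS01",
     "New_Process_Name": r"C:\Windows\System32\svchost.exe"},
    {"EventCode": 4624, "Account_Name": "alice", "host": "WS01",
     "New_Process_Name": None},
    {"EventCode": 4688, "Account_Name": "bob", "host": "WS02",
     "New_Process_Name": r"C:\Users\bob\AppData\Local\Temp\update.exe"},
    {"EventCode": 4688, "Account_Name": "DC01$", "host": "DC01",
     "New_Process_Name": r"C:\Windows\System32\lsass.exe"},
]


def is_process_creation(event):
    """Event ID 4688 = 'A new process has been created'."""
    return event.get("EventCode") == 4688


def is_machine_account(account_name):
    """Splunk's Account_Name=*$ is a wildcard match; computer accounts end in '$'."""
    return fnmatch.fnmatchcase(account_name or "", "*$")


def user_process_creations(events):
    """Equivalent of: EventCode=4688 NOT (Account_Name=*$)"""
    return [e for e in events
            if is_process_creation(e) and not is_machine_account(e.get("Account_Name"))]


def suspicious_temp_launches(events):
    """A follow-on hunt: user-launched binaries running from a Temp directory."""
    return [e for e in user_process_creations(events)
            if "\\Temp\\" in (e.get("New_Process_Name") or "")]


if __name__ == "__main__":
    for e in user_process_creations(SAMPLE_EVENTS):
        print(e["host"], e["Account_Name"], e["New_Process_Name"])
```

The machine-account exclusion is what keeps the result useful: on a busy endpoint the bulk of 4688 events are service processes started under the computer account, and dropping them first is what makes a user launching a binary out of a Temp directory stand out.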
5. Which layer of the OSI model controls the reliability of communication between network devices using flow control, sequencing and acknowledgment?
Transport

6. Which layer of the TCP/IP stack combines the OSI model's physical and data link layers?
Network Access Layer

7. You are setting up email communication between a client and a mail server. Which protocol is commonly used for sending and receiving emails?
SMTP (SMTP carries mail from clients to servers and between servers; a client retrieves mail from its mailbox with POP3 or IMAP)
8. According to the forensics investigation process, what is the next step carried out right after collecting the evidence?
Create a Chain of Custody Document

9. Identify the attack when an attacker, by trial and error, can read the contents of the password file in the restricted /etc folder just by manipulating the URL in the browser as shown:
http://www.terabytes.com/process.php../../../../../etc/passwd
Directory Traversal Attack (each "../" segment walks one level up out of the web root until the path reaches /etc/passwd)
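The traversal from Q9 reproduced against an assumed document root, with the vulnerable path join next to a hardened resolver and a cheap detection check. This is an added example and not code from the original question bank; `/var/www/files` is an assumed path that does not need to exist, and the request names are constructed.

```python
# Added example (not from the original question bank): the traversal from Q9
# reproduced against an assumed document root, with a vulnerable path join
# next to a hardened one. /var/www/files is an assumed path; it need not exist.
import posixpath
from pathlib import Path

WEB_ROOT = "/var/www/files"  # assumed document root of the web application


def vulnerable_resolve(requested: str) -> str:
    """Vulnerable: joins the user-controlled name onto the root and normalises.
    '../' segments are honoured, so the result can leave WEB_ROOT entirely."""
    return posixpath.normpath(posixpath.join(WEB_ROOT, requested))


def safe_resolve(requested: str) -> str:
    """Hardened: resolve the candidate (following symlinks) and require that it
    is WEB_ROOT itself or lies strictly beneath it; otherwise refuse."""
    root = Path(WEB_ROOT).resolve()
    candidate = (root / requested).resolve()
    if candidate != root and root not in candidate.parents:
        raise PermissionError(f"path escapes document root: {requested!r}")
    return str(candidate)


def is_allowed(requested: str) -> bool:
    """True if safe_resolve would serve the request, False if it refuses."""
    try:
        safe_resolve(requested)
        return True
    except PermissionError:
        return False


def is_traversal_attempt(requested: str) -> bool:
    """Cheap detection signal for a WAF rule or log hunt: the request
    normalises to something outside the root even before symlinks are followed."""
    joined = posixpath.normpath(posixpath.join(WEB_ROOT, requested))
    return not (joined == WEB_ROOT or joined.startswith(WEB_ROOT + "/"))


if __name__ == "__main__":
    attack = "../../../../../etc/passwd"
    print("vulnerable serves:", vulnerable_resolve(attack))
    print("hardened allows:", is_allowed(attack), "| traversal flagged:", is_traversal_attempt(attack))
```

Note that the hardened version checks the path after `resolve()`, which also follows symlinks; a check done only on the textual prefix would still be fooled by a symlink inside the document root that points at `/etc`.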

10. What is the purpose of a security ISAC?
To facilitate the sharing of threat intelligence among organizations.

11. Scenario: Which of the following is a secure method for distributing cryptographic keys?
Using a trusted third party.

12. In the context of a SOC, what is the purpose of a SIEM system?
To collect and analyze security event data.

13. A hideous malware has infected Ahmed's computer. What is the first action Ahmed should take to stop the malware incident from spreading?
Turn off the infected machine.
(In practice, disconnecting the machine from the network is preferred over powering it off: a shutdown destroys volatile evidence such as memory contents and live network connections that the investigation will need.)

14. Robin, a SOC engineer in a multinational company, is planning to implement a SIEM. He realized that his organization can perform only Correlation, Analytics, Reporting, Retention, Alerting, and Visualization required for the SIEM implementation and has to take collection and aggregation services from a Managed Security Services Provider (MSSP). What kind of SIEM is Robin planning to implement?
Hybrid Model, Jointly Managed (the MSSP runs collection and aggregation while the organization runs correlation, analytics, reporting, retention, alerting and visualization; a "Cloud, Self-Managed" SIEM would mean the organization operates every function itself, which contradicts the scenario)

15. Scenario: An attacker intercepts an encrypted message and tries every possible key until the message is deciphered. This attack is known as
Brute-force attack

16. The OSPF (Open Shortest Path First) protocol:
All of these (among the listed properties: it provides better performance than RIP in large internetworks)

17. Scenario: A cryptographic protocol that provides secure communication over an untrusted network is known as
SSL (now superseded by its successor, TLS)

18. What does the term SOC analyst typically refer to?
A trained professional who monitors and responds to security alerts.

19. Which of the following is a common goal of a SOC?
Detecting and mitigating security threats

20. An organization has recently migrated systems to cloud-based services for their critical applications. They are concerned about the security of data in transit and want to ensure that all communication between their on-premises network and the cloud service is encrypted. What technology should they implement?
VPN

21. In a SOC, what does the term threat intelligence refer to?
Evidence-based knowledge about existing or emerging threats, the adversaries behind them and their tactics, techniques and procedures, used to inform detection and response.


22. Networks are monitored by security personnel and supervised by ___, who set up ACLs and passwords against unauthorized access.
IT managers

23. Mike is an Incident handler for PNP Infosystems Inc. One day, there was a ticket raised regarding a critical incident and Mike was assigned to handle the incident. During the process of incident handling, at one stage, he has performed incident analysis and validation to check whether the incident is a true incident or a false positive. Identify the stage he is currently in.
Incident Triage

24. John, a threat analyst at GreenTech Solutions, wants to gather information about specific threats against the organization. He started collecting information from various sources, such as humans, social media, chat rooms, and so on, and created a report that contains malicious activity. Which of the following types of threat intelligence did he use?
Operational Threat Intelligence

25. A root certificate authority and two subordinate certificate authorities have been configured. The root server needs to be extremely secure. Which of the following approaches is advised?
Have only administrator access to the root server.
(In practice the root CA is also kept offline and brought up only to issue or revoke subordinate CA certificates, so that a compromise of an online issuing CA never exposes the root key.)

26. Splunk requires an agent to forward the data.
True (the Splunk Universal Forwarder; Splunk can also ingest data without an agent over syslog or the HTTP Event Collector, but the forwarder is the standard collection path)
27. Charline is working as an L2 SOC Analyst. One day, an L1 SOC Analyst escalated an incident to her for further investigation and confirmation. Charline, after a thorough investigation, confirmed the incident and assigned it an initial priority. What would be her next action according to the SOC workflow?
She should formally raise a ticket and forward it to the IRT

28. An attacker exploits the logic validation mechanisms of an e-commerce website. He successfully purchases a product worth $100 for $10 by modifying the URL exchanged between the client and the server.
Original URL: http://www.buyonline.com/product.aspx?profile=12&debit=100
Modified URL: http://www.buyonline.com/product.aspx?profile=12&debit=10
Identify the attack depicted in the above scenario.
Parameter Tampering Attack (the server trusts a client-supplied "debit" value instead of looking the price up on its own side)
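The purchase flow of Q28 as a vulnerable request handler beside a hardened one. This is an added example, not code from the original question bank; the server-side catalogue and its prices are constructed, and the two URLs are the ones quoted in the question.

```python
# Added example (not part of the original question bank): the Q28 purchase flow
# as a vulnerable handler beside a hardened one. The catalogue is constructed;
# the two URLs are the ones quoted in the question.
from decimal import Decimal
from urllib.parse import urlparse, parse_qs

# Constructed server-side catalogue: the only authoritative source of prices.
CATALOG = {"12": Decimal("100.00")}

ORIGINAL_URL = "http://www.buyonline.com/product.aspx?profile=12&debit=100"
TAMPERED_URL = "http://www.buyonline.com/product.aspx?profile=12&debit=10"


def query_params(url):
    """First value of every query parameter, e.g. {'profile': '12', 'debit': '100'}."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


def vulnerable_charge(url):
    """Vulnerable: charges whatever 'debit' the client put in the URL."""
    params = query_params(url)
    return Decimal(params["debit"])


def hardened_charge(url):
    """Hardened: the price comes from the server-side catalogue; a client-sent
    'debit' is at most a hint, and a mismatch is treated as tampering."""
    params = query_params(url)
    product_id = params.get("profile")
    if product_id not in CATALOG:
        raise KeyError("unknown product")
    price = CATALOG[product_id]
    if "debit" in params and Decimal(params["debit"]) != price:
        raise ValueError(f"parameter tampering: client sent {params['debit']}, expected {price}")
    return price


def charge_outcome(url):
    """hardened_charge wrapped for comparison: the amount charged, or 'REJECTED'."""
    try:
        return hardened_charge(url)
    except (ValueError, KeyError):
        return "REJECTED"


if __name__ == "__main__":
    print("vulnerable charges:", vulnerable_charge(TAMPERED_URL))
    print("hardened outcome:", charge_outcome(TAMPERED_URL))
```

The mismatch branch is worth keeping even though the server no longer uses the client value: a request whose `debit` disagrees with the catalogue is a tampering signal that belongs in the application log for the SOC to correlate.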

29. Which of the following allows LAN users to share computer programs and data?
File server

30. Which of the following is not a common category of security incident that a SOC might deal with?
Employee payroll processing.

31. Which of the following Wi-Fi hacking techniques involves painting symbols in public spaces to promote open Wi-Fi networks?
Warchalking.

32. Select the main background processes in Splunk.
splunkd and splunkweb.


33. How does a switch differ from a hub?
A switch tracks the MAC addresses of directly connected devices (and forwards a frame only to the port where the destination address was learned, whereas a hub repeats every frame to every port).

34. What is the primary role of a SOC?
Monitor and respond to security incidents.

35. Network traffic is being monitored by a cybersecurity team for any suspicious activity. When it notices an attempt at unauthorized access to a crucial server, it signals an alert. The system is set up to be extremely vigilant for any potential danger.
The system incorrectly identifies a legitimate user's access as unauthorized and triggers an alert.

36. A SOC was created at a tech startup with rapid growth to strengthen the organization's security posture. The company handles private consumer information and competes in a cutthroat market. What is the primary focus of the SOC's role?
Proactively detecting and responding to security threats and incidents.

37. In the context of a SOC, what is the term for a false positive?
A security alert that is not a real threat.

38. A ___ is a device that forwards packets between networks by processing the routing information included in the packet.
Router

39. In a remote jungle with no internet access, a remote research center has been established. The institution needs an internal network to link up several sensors and gadgets for data gathering and processing. A routing protocol must be set up for the network. Which routing protocol would be the best option for creating connectivity among the devices in the remote research center without internet access?
Static routing.

40. What is the process of monitoring and capturing all data packets passing through a given network using different tools?
Network Sniffing.

41. Splunk is used by a financial institution for log analysis and monitoring. During off-peak hours, they notice a sharp rise in failed login attempts on several servers. Which Splunk feature could be used to create a visualization that presents a clear comparison of failed login attempts across different servers over a specific time range?
Dashboards

42. What does [-n] represent in the following Check Point firewall log syntax?
fw log [-f [-t]] [-n] [-l] [-o] [-c action] [-h host] [-s start_time] [-e end_time] [-b start_time end_time] [-u unification_scheme_file] [-m unification_mode(initial | semi | raw)] [-a] [-k (alert_name|all)] [-g] [logfile]
Speed up the process by not performing DNS resolution of the IP addresses in the log files.

43. Which of the following can help you eliminate the burden of investigating false positives?
Ingesting the context data

44. The process of converting plaintext into ciphertext using a specific algorithm and a secret key is called
Encryption.

45. The primary purpose of a SIRT (Security Incident Response Team) in a SOC (Security Operations Center) is:
To investigate and respond to security incidents.

46. Mary travels frequently and is concerned that her laptop containing sensitive information will be stolen. What is the most effective protection for her?
Full disk encryption

47. What is the main goal of incident response in a SOC?
To quickly identify and mitigate security incidents.

48. During a digital forensics investigation a laptop is seized as potential evidence in a cybercrime case. The laptop is stored in a secure evidence locker until it can be analyzed. Which principle does this handling of the laptop preserve?
Chain of custody.

49. A company has recently experienced a data breach where sensitive information was stolen; the attack vector was a vulnerable web application. What security measure should the company implement to prevent similar attacks in the future?
WAF (Web Application Firewall), alongside fixing the vulnerability in the application itself, since a WAF only filters known attack patterns in front of the code.

50. In the context of a SOC (Security Operations Center), the acronym SIEM stands for:
Security Information and Event Management.

51. When does session hijacking happen?
After the three-way handshake

52. Which of the following is not a common component of a SOC?
Managing human resources

53. An organization has a class B network and wishes to form subnets for 64 departments. The subnet mask would be?
255.255.252.0 (64 subnets need 6 borrowed bits: /16 + 6 = /22, which is 255.255.252.0; each subnet then has 2^10 - 2 = 1022 usable host addresses)
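The Q53 calculation carried out with the standard `ipaddress` module, generalised to any base network and department count. This is an added example rather than material from the question bank; 172.16.0.0/16 is an assumed class B network chosen for illustration.

```python
# Added example (not from the original question bank): the Q53 subnetting
# calculation done with the standard ipaddress module. 172.16.0.0/16 is an
# assumed class B network; the functions are general for any base network.
import ipaddress
import math


def plan_subnets(base_network: str, subnet_count: int):
    """Return (netmask, prefix, subnets_available, hosts_per_subnet) for carving
    base_network into at least subnet_count equal-sized subnets."""
    net = ipaddress.ip_network(base_network, strict=True)
    borrowed = math.ceil(math.log2(subnet_count))      # bits taken from the host part
    new_prefix = net.prefixlen + borrowed
    if new_prefix > net.max_prefixlen - 2:             # keep at least 2 usable hosts
        raise ValueError("not enough host bits to create that many subnets")
    first = next(net.subnets(new_prefix=new_prefix))
    return (str(first.netmask), new_prefix, 2 ** borrowed, first.num_addresses - 2)


def nth_subnet(base_network: str, subnet_count: int, n: int) -> str:
    """Address block handed to the n-th department (0-based)."""
    _, new_prefix, available, _ = plan_subnets(base_network, subnet_count)
    if not 0 <= n < available:
        raise IndexError("no such subnet")
    net = ipaddress.ip_network(base_network)
    return str(list(net.subnets(new_prefix=new_prefix))[n])


if __name__ == "__main__":
    mask, prefix, count, hosts = plan_subnets("172.16.0.0/16", 64)
    print(f"mask {mask} (/{prefix}): {count} subnets of {hosts} usable hosts")
    print("department 63 gets", nth_subnet("172.16.0.0/16", 64, 63))
```

Asking for 65 departments instead of 64 is the case to keep in mind: the borrowed-bit count rounds up to 7, the mask becomes 255.255.254.0 and the usable host count per subnet halves.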

54. Bob receives an encrypted message from Alice. He uses his private key to decrypt the message. What type of cryptography is this?
Asymmetric cryptography

55. Alice wants to securely exchange keys with Bob over an internet channel. Which protocol can they use for key exchange?
Diffie-Hellman

56. Alice wants to send a confidential message to Bob over an insecure channel. What technique can she use to ensure the message's confidentiality?
Symmetric encryption (with a key both parties already share, for example one agreed through Diffie-Hellman as in Q55)
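The key exchange of Q55 and the key it hands to the symmetric encryption of Q56, as an added example that is not part of the original question bank. Alice and Bob run finite-field Diffie-Hellman over the 2048-bit MODP group of RFC 3526 (group 14) and turn the shared secret into a 256-bit key with an HKDF-style extract/expand (RFC 5869) built from `hmac` and `hashlib`. The salt and info strings are assumed values chosen for the example, and the symmetric cipher that would consume the key is left out.

```python
# Added example (not part of the original question bank): the key exchange of
# Q55 and the key it hands to the symmetric encryption of Q56. Alice and Bob
# run finite-field Diffie-Hellman over the 2048-bit MODP group of RFC 3526
# (group 14) and derive a 256-bit key with an HKDF-style extract/expand
# (RFC 5869) built from hmac/hashlib. The salt and info strings are assumed
# values for the example; the symmetric cipher that would use the key is
# out of scope here.
import hashlib
import hmac
import secrets

P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2
P_BYTES = (P.bit_length() + 7) // 8


def is_probable_prime(n: int, rounds: int = 8) -> bool:
    """Miller-Rabin; used to sanity-check group parameters before trusting them."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def check_public_value(y: int) -> int:
    """Reject 0, 1, p-1 and out-of-range values: with a safe prime this leaves
    only elements of the large prime-order subgroup, defeating small-subgroup tricks."""
    if not 2 <= y <= P - 2:
        raise ValueError("invalid Diffie-Hellman public value")
    return y


def is_valid_public_value(y: int) -> bool:
    try:
        check_public_value(y)
        return True
    except ValueError:
        return False


class Party:
    def __init__(self, name: str):
        self.name = name
        # A 256-bit private exponent is ample for a 2048-bit group (RFC 3526 sec. 8).
        self.private = secrets.randbelow((1 << 256) - 1) + 1
        self.public = pow(G, self.private, P)       # this value crosses the wire

    def derive_key(self, peer_public: int, transcript: bytes) -> bytes:
        shared = pow(check_public_value(peer_public), self.private, P)
        ikm = shared.to_bytes(P_BYTES, "big")
        prk = hmac.new(b"example-salt", ikm, hashlib.sha256).digest()       # HKDF-Extract
        return hmac.new(prk, b"example-aes-key" + transcript + b"\x01",
                        hashlib.sha256).digest()                             # HKDF-Expand, 1 block


def run_exchange():
    """One exchange over an insecure channel: only the two public values are sent."""
    alice, bob = Party("alice"), Party("bob")
    transcript = alice.public.to_bytes(P_BYTES, "big") + bob.public.to_bytes(P_BYTES, "big")
    key_alice = alice.derive_key(bob.public, transcript)
    key_bob = bob.derive_key(alice.public, transcript)
    return key_alice, key_bob


if __name__ == "__main__":
    ka, kb = run_exchange()
    print("keys match:", ka == kb, "key:", ka.hex())
```

Binding both public values into the key derivation (the `transcript`) is what later lets an authenticated protocol detect an attacker who substituted their own public value in transit; plain Diffie-Hellman on its own is secure against a passive eavesdropper only.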

57. What cryptographic concept involves combining a secret key with the message to generate a fixed-length hash value?
Message authentication code, i.e. a keyed hash such as HMAC (a plain hash function takes no secret key, so it proves integrity but not origin)
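The distinction behind Q1 and Q57 shown in code: a plain hash checks integrity only, while a keyed hash (HMAC) ties the code to a shared secret, so an attacker who can recompute a hash cannot recompute the MAC. This is an added example and not part of the original question bank; the key and message values are constructed.

```python
# Added example (not from the original question bank): the distinction behind
# Q1 and Q57 in code. A plain hash checks integrity only; a keyed hash (HMAC)
# binds the code to a shared secret, so a forger who can recompute a hash
# cannot recompute the MAC. Key and message values are constructed.
import hashlib
import hmac

KEY = b"constructed-shared-secret-key"      # known to sender and receiver only
MESSAGE = b"transfer 100 to account 42"
TAMPERED = b"transfer 900 to account 42"


def plain_digest(message: bytes) -> str:
    """Unkeyed SHA-256: anyone can compute it, so it proves nothing about origin."""
    return hashlib.sha256(message).hexdigest()


def make_mac(key: bytes, message: bytes) -> str:
    """HMAC-SHA256: a fixed-length code that depends on both key and message."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_mac(key: bytes, message: bytes, tag: str) -> bool:
    """Constant-time comparison avoids leaking how many leading bytes matched."""
    return hmac.compare_digest(make_mac(key, message), tag)


def forge_with_plain_hash(new_message: bytes):
    """An attacker rewriting a message protected only by a hash just recomputes it."""
    return new_message, plain_digest(new_message)


def receiver_accepts_hash(message: bytes, digest: str) -> bool:
    """What a receiver relying on an unkeyed hash can check, and no more."""
    return hmac.compare_digest(plain_digest(message), digest)


def demo():
    """Each entry should be True: the MAC holds up where the bare hash does not."""
    tag = make_mac(KEY, MESSAGE)
    forged_msg, forged_digest = forge_with_plain_hash(TAMPERED)
    return {
        "mac_valid": verify_mac(KEY, MESSAGE, tag),
        "mac_rejects_tamper": not verify_mac(KEY, TAMPERED, tag),
        "mac_rejects_wrong_key": not verify_mac(b"guess", MESSAGE, tag),
        "hash_accepts_forgery": receiver_accepts_hash(forged_msg, forged_digest),
        "tag_length_fixed": len(tag) == 64,
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

A digital signature (Q1) gives the same origin guarantee without a shared secret, by signing the hash with a private key that only the sender holds; the MAC is the symmetric-key counterpart.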

58. What is the method of luring and studying possible attackers using a realistic but synthetic IT environment in a SOC, allowing analysts to gather intelligence and identify new threats?
Honeypot deployment

59. Your company requires a network setup where each device is connected to a central hub. Which network topology fits this description?
Star topology
