The Fundamentals of SOC - Assessment

The document is an assessment results summary that indicates the user passed the assessment for The Fundamentals of SOC course with 100% and 38 out of 38 correct answers. It provides details on the user's performance on each section and their responses to the assessment questions.

Uploaded by rohajebm

Completed: Apr 4 - 2:26 PM

POLU ASHA

100 %

Assessment Passed
Congratulations! You have successfully mastered the contents of The Fundamentals of SOC course.

Total Points: 38/38 Correct Answers: 38/38


Response Details

Section Results
Lesson 1: A Day in the Life of a SOC Analyst Points: 1/1

Lesson 2: Business Points: 5/5

Lesson 3: People Points: 2/2

Lesson 4: Process Points: 4/4

Lesson 5: Interfaces Points: 12/12

Lesson 6: Visibility Points: 3/3

Lesson 7: Technology Points: 9/9

Lesson 8: SOAR Points: 2/2

Your Responses

Question 1 of 38 +1

Which is not a top-three wish for Security Operations Engineers?

Use previous incidents to prevent future attacks

Lessen the time required to take to contain a breach

Access tools to quickly investigate threats


Reduce the number of alerts flowing into the SOC

Question 2 of 38 +1

How often should tabletop exercises be performed?

Once a year

Once every 6 months

Once a quarter

Once a month

Question 3 of 38 +1

Which pillar requires maintaining an SME specialist?

Interfaces

People

Business

Visibility

Technology

Processes

Question 4 of 38 +1

Which pillar enables you to anticipate, prepare, and react to changes in security operations?

Interfaces

Technology

Visibility

Business

People

Processes

Question 5 of 38 +1

Which pillar defines the functions that need to happen to achieve the stated goals?

People

Business

Visibility

Technology

Interfaces

Processes

Question 6 of 38 +1

How is SOAR different from SIEM?

It ingests alerts and drives them to response

It monitors various sources for machine data

It provides real-time detection

It monitors alerts generated by applications and network hardware

Question 7 of 38 +1

Which element of the Processes pillar is part of the Identification function?

Process Improvement

Detailed Analysis

Interface Agreements

Initial Research

Question 8 of 38 +1

Which business objective dictates how to measure “performance” against the defined and socialized mission statement?

Planning

Mission

Governance

Budget

Question 9 of 38 +1

Which element of the Processes pillar is rooted in revisiting prior incidents?

Quality Review

Capability Improvement

Process Improvement

Tuning

Question 10 of 38 +1

Which element is a collaborative toolset used to document, track, and notify the entire organization of security incidents?

Knowledge Management

Vulnerability Management Tools

Asset Management

Case Management

Question 11 of 38 +1

Which element refers to technologies that enable organizations to collect inputs monitored by the Security Operations team?

SOAR

Knowledge Management

Case Management

SIEM

Question 12 of 38 +1

Which element of the People pillar focuses on retaining staff members?

Tabletop Exercises

Employee Utilization

Training

Career Path Progression

Question 13 of 38 +1

Which business objective is considered the roadmap that guides the organization?

Planning

Mission

Governance

Budget

Question 14 of 38 +1

Which pillar identifies the scope of responsibilities and separation of duties?

Visibility

Technology

Interfaces

People

Processes

Business

Question 15 of 38 +1

Which element is considered a safe place to simulate an end user’s environment to test unknown applications?

Dedicated Workstation

Virtual Private Network

Honey Pot

Malware Sandbox

Question 16 of 38 +1

Which element is a tool to assist organizations in aggregating, correlating, and analyzing threat data from multiple sources?

Threat Intelligence Platform

Case Management

Vulnerability Management Tools

Knowledge Management

Question 17 of 38 +1

Which team is responsible for understanding, developing, and maintaining both the physical and virtual network design?

Network Security

SOC Engineering

Enterprise Architecture

IT Operations

Question 18 of 38 +1

In which of the four main core functions of security operations should a detailed analysis take place?

Investigation

Mitigation

Continuous Improvement

Identification

Question 19 of 38 +1

Which business objective includes details about how the Security Operations organization will achieve its goals?

Planning

Governance

Mission

Budget

Question 20 of 38 +1

Which element protects HTTP applications from well-known HTTP exploits?

Web Application Firewall

Intrusion Prevention and Detection

Malware Sandboxing

Web Proxy

Question 21 of 38 +1

Which pillar defines the step-by-step instructions and functions that will be carried out?

Processes

Technology

Visibility

Business

People

Interfaces

Question 22 of 38 +1

Which metric has skewed results that may cause analysts to “cherry-pick” incidents?

Number of feeds into SIEM

Number of incidents handled

Mean Time to Resolution (MTTR)

Number of firewalls/rules deployed

Question 23 of 38 +1

Which element is used to gather information required to determine the severity of an incident and builds the foundation for an investigation?

Escalation Process

Alerting

Initial Research

Severity Triage

Question 24 of 38 +1

Which element is an essential cybersecurity control to separate networks and enforce communication restrictions between networks?

Web Proxy

Web Application Firewall

Intrusion Prevention and Detection

Firewall

Question 25 of 38 +1

Which element defines how the Security Operations team and surrounding teams will interact?

Interface Agreements

Escalation Process

Quality Review

Change Control

Question 26 of 38 +1

Which pillar defines the purpose of the Security Operations team to the business and how it will be managed?

Business

Visibility

Technology

Interfaces

Processes

Question 27 of 38 +1

Which feature can mitigate or block malicious behavior and is considered a proactive control?

Intrusion Prevention System (IPS)

Intrusion Detection System (IDS)

DNS Sinkholing

Behavioral Analysis

Question 28 of 38 +1

Which technology or technique can be implemented to detect, deflect, and counteract malicious activities?

Endpoint Security

Honey Pot

DNS Sinkholing

Firewall

Question 29 of 38 +1

Which team identifies potential risks to the organization that have not yet been observed in the network?

Red and Purple

Threat Intelligence

Threat Hunting

Forensics and Telemetry

Question 30 of 38 +1

Which team is responsible for identifying and escalating vulnerabilities in an organization’s assets, including hardware and software?

Threat Intelligence

Operational Technology

Network Security

Vulnerability

Question 31 of 38 +1

Which element can reduce the number of unauthorized, unpatched, or compromised devices from connecting to the network?

Network Access Control

Virtual Private Network (VPN)

DNS Sinkholing

Identity and Access Management

Question 32 of 38 +1

Which element is a security technology that detects malicious activity by identifying anomalous behavior indicative of attacks?

Intrusion Prevention and Detection Systems

Endpoint Security

Malware Sandboxing

Behavioral Analysis

Question 33 of 38 +1

Which team is responsible for developing, implementing, and maintaining the network security policies?

Operational Technology

IT Operations

Network Security

Vulnerability

Question 34 of 38 +1

Which element provides control for detecting and protecting servers, PCs, laptops, phones, and tablets from attacks such as exploits and malware?

Firewall

Mobile Device Management

Endpoint Security

Malware Sandboxing

Question 35 of 38 +1

Which team is responsible for managing, monitoring, and responding to alerts that may impact the availability and performance of the IT infrastructure?

Network Security

Vulnerability

Operational Technology

IT Operations

Question 36 of 38 +1

Which element is responsible for building alert profiles that identify the alerts to be forwarded for investigation?

Business Liaison

Threat Intelligence

Content Engineering

Forensics and Telemetry

Question 37 of 38 +1

Which team would have work tickets to reimage machines, request system patching, or reject assets joining the network?

IT Operations

DevOps

Operational Technology

Help Desk

Question 38 of 38 +1

Which element provides investigative support if legal action is required?

Governance, Risk and Compliance

Enterprise Architecture

Business Liaison

Forensics and Telemetry
