Improve SOC Incident Response Time

Questions and Answers

What can block an attack at Layer 7?

NAC

WAF (correct)

HSM

HIDS

How can a business operations manager mitigate concerns about a PC hardware failure?

Purchase cybersecurity insurance

Implement a full system upgrade

Perform a physical-to-virtual migration (correct)

Install uninterruptible power supplies

What is the BEST action to prevent reinfection from an infection vector on an internet-facing Windows server?

Create a firewall rule that blocks port 22 from the internet to the server

Prevent connections over TFTP from the internal network

Disable file sharing over port 445 to the server

Block port 3389 inbound from untrusted networks (correct)

Which of the following actions is commonly used to prevent malware reinfection?

Implementing application whitelisting

What technology uses SAML for authentication?

Federation

In cybersecurity, which technology is specifically designed to protect web applications?

NIDS

What should the SOC consider to BEST improve its response time?

Implement a SOAR with customizable playbooks

In the context of validating transactions securely, which solution is the BEST to adopt?

PKI

What technology BEST meets the requirements of providing centralized infrastructure management and consistent user desktop experience?

VDI

To enhance incident response time, what should be done with OSINT artifacts?

Catalog them in a central repository

Which technology is NOT typically used for transaction validation and artifact issuance?

OAuth

What method should be recommended to reduce the need for constant replacement of aging end-user machines?

Implementing VDI environments

After discovering large data exfiltration during a penetration test, what should be the client's NEXT step to mitigate the issue?

Perform containment on the critical servers and resources

What type of controls should a security analyst implement to limit unauthorized access to a physical site with the lowest possible budget?

Deterrent controls

A company is migrating servers to the cloud to reduce its technology footprint. Which solution will require the LEAST management and support?

SaaS

Who is responsible for protecting an organization's collected personal information?

Data Protection Officer

What was the reason a RAM image could not be taken?

The computer was turned off

To compare biometric solutions for the highest likelihood of denying unauthorized access, what should an organization focus on?

FRR

In the case of a data leak involving proprietary information, what is the BEST remediation approach?

CASB

In the scenario where an attacker spoofed the IP address associated with a shopping site, which attack took place?

On-path attack

What was confirmed about the corporate network in the data leak incident involving the COPE tablet?

It was secure

When a company is considering transitioning to the cloud, what aspect should be evaluated?

Network security

What type of malware is MOST likely causing the repeated deletion of files when the Chief Financial Officer logs in to the file server?

Logic bomb

After identifying malware spreading through the corporate network, what should the analyst do NEXT?

Attempt to quarantine all infected hosts to limit further spread

What caused the company to realize it was still vulnerable despite applying rules to inbound traffic and implementing ACLs on critical servers?

Outbound traffic not being restricted

In which stage of the Cyber Kill Chain is the adversary currently operating if they are able to maintain a presence in the network?

Command and control

What would be the most appropriate action for preventing similar issues in the future after a logic bomb incident?

Monitoring system logs for unusual activities

Why is it important for a security analyst to activate the CSIRT after identifying malware spreading through the corporate network?

To involve a response team with expertise in handling security incidents