In a SOC, the job of a Tier 1 Alert Analyst includes monitoring incoming alerts and verifying that a true security incident has occurred.
2. After a security incident is verified in a SOC, an incident responder reviews the incident but cannot identify the source of the incident and form an effective mitigation procedure. To whom should the incident ticket be escalated?
A. The SOC manager to ask for other personnel to be assigned
An incident responder is a Tier 2 security professional in a SOC. If the responder cannot resolve the incident ticket, the incident ticket should be escalated to the next tier support, a Tier 3. A Tier 3 SME would further investigate the incident.
3. Which two services are provided by security operations centers? (Choose two.)
Security operations centers (SOCs) can provide a broad range of services to defend against threats to information systems of an organization. These services include monitoring threats to network security and managing comprehensive solutions to fight against threats. Ensuring secure routing exchanges and providing secure Internet connections are tasks typically performed by a network operations center (NOC). Responding to facility break-ins is typically the function and responsibility of the local police department.
4. Which KPI metric does SOAR use to measure the time required to stop the spread of malware in the network?
The common key performance indicator (KPI) metrics compiled by SOC managers are as follows: • Dwell Time: the length of time that threat actors have access to a network before they are detected and the access of the threat actors stopped • Mean Time to Detect (MTTD): the average time that it takes for the SOC personnel to identify that valid security incidents have occurred in the network • Mean Time to Respond (MTTR): the average time that it takes to stop and remediate a security incident • Mean Time to contain (MTTC): the time required to stop the incident from causing further damage to systems or data • Time to Control the time required to stop the spread of malware in the network
5. If a SOC has a goal of 99.999% uptime, how many minutes of downtime a year would be considered within its goal?
Within a year, there are 365 days x 24 hours a day x 60 minutes per hour = 525,600 minutes. With the goal of uptime 99.999% of time, the downtime needs to be controlled under 525,600 x (1-0.99999) = 5.256 minutes a year.
6. Which organization offers the vendor-neutral CySA+ certification?
A security information and event management system (SIEM) combines data from multiple sources to help SOC personnel collect and filter data, detect and classify threats, analyze and investigate threats, and manage resources to implement preventive measures.
9. Which three technologies should be included in an SOC security information and event management system? (Choose three.)