Question 1
Which event is user interaction?
A. gaining root access
B. executing remote code
C. reading and writing file permission
D. opening a malicious file
Question 2
Which security principle requires more than one person is required to perform a critical task?
A. least privilege
B. need to know
C. separation of duties
D. due diligence
Question 3
How is attacking a vulnerability categorized?
A. action on objectives
B. delivery
C. exploitation
D. installation
Question 4
What is a benefit of agent-based protection when compared to agentless protection?
A. It lowers maintenance costs
B. It provides a centralized platform
C. It collects and detects all traffic locally
D. It manages numerous devices simultaneously
Question 5
Which principle is being followed when an analyst gathers information relevant to a security incident to determine the appropriate course of action?
A. decision making
B. rapid response
C. data mining
D. due diligence
Question 6
One of the objectives of information security is to protect the CIA of information and systems. What does CIA mean in this context?
A. confidentiality, identity, and authorization
B. confidentiality, integrity, and authorization
C. confidentiality, identity, and availability
D. confidentiality, integrity, and availability
Question 7
What is rule-based detection when compared to statistical detection?
A. proof of a user's identity
B. proof of a user's action
C. likelihood of user's action
D. falsification of a user's identity
Question 8
A user received a malicious attachment but did not run it. Which category classifies the intrusion?
A. weaponization
B. reconnaissance
C. installation
D. delivery
Question 9
Which process is used when IPS events are removed to improve data integrity?
A. data availability
B. data normalization
C. data signature
D. data protection
Question 10
An analyst is investigating an incident in a SOC environment. Which method is used to identify a session from a group of logs?
A. sequence numbers
B. IP identifier
C. 5-tuple
D. timestamps
