CyberVista Security Operations and Monitoring Questions and Answers

Question 1

A Security Operations Center (SOC) analyst is overwhelmed with a high volume of alerts from various security tools. To improve efficiency and reduce response times, management decides to implement a solution that can aggregate data from different systems and automate response actions based on predefined playbooks. Which of the following technologies BEST describes this solution?

Accepted Answer

Security Orchestration, Automation, and Response (SOAR)

Answer

A SOAR (Security Orchestration, Automation, and Response) platform is designed to address this exact scenario. It integrates with various security tools to automate and orchestrate incident response workflows using playbooks, which significantly reduces manual effort and speeds up response times. While a SIEM collects and analyzes logs, it doesn't primarily focus on automated response actions.

Question 2

According to the NIST Special Publication 800-61, which phase of the incident response lifecycle involves learning from a security incident and implementing improvements to prevent its recurrence?

Accepted Answer

Post-Incident Activity

Answer

The Post-Incident Activity phase is the final stage in the NIST incident response lifecycle. This phase includes a 'lessons learned' meeting and analysis to understand the incident's root cause and improve security controls, policies, and procedures to prevent future similar incidents.

Question 3

A cybersecurity analyst receives a threat intelligence report detailing the specific Tactics, Techniques, and Procedures (TTPs) used by a newly identified advanced persistent threat (APT) group that targets financial institutions. What type of threat intelligence is this?

Accepted Answer

Operational

Answer

Operational threat intelligence provides insights into the 'how' and 'where' of an attack, focusing on the TTPs, motives, and campaign plans of specific threat actors. This information helps security teams understand the nature of attacks and anticipate future actions. Tactical intelligence is more focused on immediate indicators like malicious IPs or hashes.

Question 4

During a routine security audit, a vulnerability scanner identifies a critical cross-site scripting (XSS) flaw in a public-facing web application. Which of the following tools would be MOST appropriate for this type of discovery?

Accepted Answer

Web Application Vulnerability Scanner (e.g., Acunetix, OWASP ZAP)

Answer

Web application vulnerability scanners are specialized tools designed to scan and identify security flaws specific to web applications, such as SQL injection and cross-site scripting (XSS). While a SAST tool also finds vulnerabilities, it does so by analyzing source code, not by testing the running application from the outside.

Question 5

A SOC team is configuring its logging and monitoring strategy. Which of the following is a primary goal of continuous monitoring in a security operations context?

Accepted Answer

To maintain ongoing awareness of the organization's security posture and risks.

Answer

Continuous monitoring is the process of maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions. It is a proactive and iterative process, not a one-time audit, and it complements, rather than replaces, incident response planning.

CyberVista Test Practice Test

CyberVista Test Practice Test

CyberVista Security Operations and Monitoring Questions and Answers