1. Which of the following is an example of an administrative control in a security operations program?
A. Firewalls
B. Antivirus software
C. Security policies and procedures
D. Network segmentation
Answer: C) Security policies and procedures
Rationale: Administrative controls include policies, procedures, and guidelines that govern security operations, unlike technical controls such as firewalls or antivirus software.
2. What is the purpose of a Security Information and Event Management (SIEM) system?
A. To create firewall rules
B. To log and analyze security-related data from various systems
C. To secure physical access to the data center
D. To implement encryption protocols
Answer: B) To log and analyze security-related data from various systems
Rationale: SIEM systems aggregate and analyze data from a variety of sources, such as firewalls, intrusion detection systems (IDS), and servers, to provide security monitoring and event management.
3. What is the purpose of a "kill chain" in the context of cybersecurity operations?
A. To ensure that sensitive data is encrypted
B. To describe the stages of a cyberattack from initial access to completion
C. To identify all network traffic for potential malicious activity
D. To evaluate the security posture of external partners
Answer: B) To describe the stages of a cyberattack from initial access to completion
Rationale: The "kill chain" model outlines the stages of a cyberattack, from the attacker's initial access to the final exploitation, helping defenders recognize and disrupt attacks at various stages.
4. Which of the following tools is commonly used for continuous monitoring of security events and logs?
A. Antivirus software
B. Security Information and Event Management (SIEM)
C. Network Intrusion Prevention System (IPS)
D. Web Application Firewall (WAF)
Answer: B) Security Information and Event Management (SIEM)
Rationale: SIEM systems are used for continuous monitoring and analysis of security events, providing real-time alerts and insights to help identify potential security threats.
5. What is the main purpose of conducting a business impact analysis (BIA)?
A. To assess the cost of cybersecurity tools and technologies
B. To identify the potential impact of a disaster on critical business functions
C. To monitor network traffic for vulnerabilities
D. To test incident response procedures
Answer: B) To identify the potential impact of a disaster on critical business functions
Rationale: A BIA helps organizations identify and prioritize business functions, assess the potential impact of disruptions, and develop strategies for maintaining essential operations during and after a disaster.
6. What is the purpose of a security patch management program?
A. To encrypt all data at rest
B. To ensure systems are updated with the latest security patches
C. To monitor for network intrusions
D. To perform regular risk assessments