Q1
The report confidence metric is part of which CVSS v3.0 metrics group?
a. base
b. temporal
c. environmental
d. maturity
Q2
Which organiza on publishes a report of the top 10 most widely exploited web applica on
vulnerabili es?
a. OWASP
b. Spamhaus
c. Alexa
d. Farsight
Q3
Which capability is available when only the SOC operates at the highest level of the hun ng maturity
model (HM4)?
a. detec ng IDS or IPS malicious behaviors
b. automa ng of the analysis procedures
c. incorpora ng hunt techniques from external sources
d. using machine learning to assist with the analysis
Q4
Which organiza on can provide informa on to the security analysts about DNS?
a. OWASP
b. Spamhaus
c. Alexa
d. Farsight
Q5
The scope metric is part of which CVSS v3.0 metrics group?
a. base
b. temporal
c. environmental
d. maturity
, Q6
Which CVSS v3.0 metric group is op onally computed by the end-user organiza ons to adjust the
score?
a. temporal
b. environmental
c. maturity
d. scope
Q7
Which two statements are true about CVSS? (Choose two.)
a. CVSS is vendor agnos c.
b. CVSS is Cisco proprietary.
c. CVSS is designed to calculate the chances of a network being a acked.
d. CVSS is designed to help organiza ons determine the urgency of responding to an a ack.
Q8
Using environmental metrics, which three security requirement metric values allow the
confiden ality score to be customized depending on the cri cality of the affected IT asset? (Choose
three.)
a. none
b. secret
c. top secret
d. low
e. medium
f. high
Q9
During the cyber threat hun ng cycle, what is the next step a er the analyst created a hypothesis?
a. Based on the hypothesis, discover a pa ern or the a acker’s tac cs, techniques, and
procedures.
b. Document the hypothesis.
c. Inves gate the specific IOCs to determine what ac vi es support them.
d. Perform an inves ga on to validate the hypothesis.
The report confidence metric is part of which CVSS v3.0 metrics group?
a. base
b. temporal
c. environmental
d. maturity
Q2
Which organiza on publishes a report of the top 10 most widely exploited web applica on
vulnerabili es?
a. OWASP
b. Spamhaus
c. Alexa
d. Farsight
Q3
Which capability is available when only the SOC operates at the highest level of the hun ng maturity
model (HM4)?
a. detec ng IDS or IPS malicious behaviors
b. automa ng of the analysis procedures
c. incorpora ng hunt techniques from external sources
d. using machine learning to assist with the analysis
Q4
Which organiza on can provide informa on to the security analysts about DNS?
a. OWASP
b. Spamhaus
c. Alexa
d. Farsight
Q5
The scope metric is part of which CVSS v3.0 metrics group?
a. base
b. temporal
c. environmental
d. maturity
, Q6
Which CVSS v3.0 metric group is op onally computed by the end-user organiza ons to adjust the
score?
a. temporal
b. environmental
c. maturity
d. scope
Q7
Which two statements are true about CVSS? (Choose two.)
a. CVSS is vendor agnos c.
b. CVSS is Cisco proprietary.
c. CVSS is designed to calculate the chances of a network being a acked.
d. CVSS is designed to help organiza ons determine the urgency of responding to an a ack.
Q8
Using environmental metrics, which three security requirement metric values allow the
confiden ality score to be customized depending on the cri cality of the affected IT asset? (Choose
three.)
a. none
b. secret
c. top secret
d. low
e. medium
f. high
Q9
During the cyber threat hun ng cycle, what is the next step a er the analyst created a hypothesis?
a. Based on the hypothesis, discover a pa ern or the a acker’s tac cs, techniques, and
procedures.
b. Document the hypothesis.
c. Inves gate the specific IOCs to determine what ac vi es support them.
d. Perform an inves ga on to validate the hypothesis.
