Q1
You are reviewing career opportunities in cybersecurity and have found the following
opportunity on an online job board: Are you passionate about cybersecurity? Want to create
order from chaos?
Job Description: Leading international MSSP seeking a high-energy individual to
monitor, filter, prioritize, and flag security events as possible security incidents or
false positives to a senior security analyst through a wide variety of tools and systems.
Although this position is entry-level, it requires a considerable breadth of knowledge
and a related skill set.
Job Requirements: Self-starting, highly motivated team player with a bachelor’s
degree in a technical discipline such as cybersecurity, information technology,
computer science, or equivalent industry experience.
This position is referring to which SOC role?
a. SOC manager
b. Tier 1, Triage specialist
c. Tier 3
d. Chief Information Security Officer
Q2
You are reviewing career opportunities in cybersecurity and have discovered the following
opportunity on an online job board: Are you a cybersecurity specialist with a passion for
stopping threat actors in their tracks?
Job Description: Leading international MSSP seeking experienced cybersecurity
professionals to provide proactive threat hunting activities to protect our customer
base.
Job Requirements: Cybersecurity professional with at least two years of experience
in the industry. You will proactively identify threats, security breaches, and
vulnerabilities. Knowledge of vulnerability testing and penetration testing tools a plus.
Also, Cisco Secure Malware Analytics (formerly, Cisco Threat Grid) and Cisco
SecureX platform knowledge are a plus.
This position refers to which SOC job role you learned about?
a. SOC manager
b. Tier 1, Triage specialist
c. Tier 3, Threat Hunter
d. Chief Information Security Officer
Q3
Which two of the following are widely known cybercriminal groups?
a. Organized crime
b. Religious organizations
c. Private hackers disguised as nonprofit organizations
d. State-affiliated
e. University students
f. White hat hackers
Q4
You have just been hired as a Triage Specialist at an MSSP, and you are undergoing
orientation with the CISO. She impresses upon you that all the work you perform on your
own or on behalf of another SOC analyst must adhere to multiple compliance and security
standards so that it is admitted as evidence in a court of law. The CISO provides you with a
booklet documenting these standards and procedures. What aspect of cybersecurity is the
CISO addressing with you?
a. Malware mitigation: Proactively detecting malware that could be released on the
network.
b. Vulnerability testing: Proactively seeking security weaknesses in corporate
applications.
c. Forensics: Following established procedures to support legal proceedings in post-
incident response.
d. Penetration testing: Proactively seeking security weaknesses by attacking the
production system.
Q5
You are a Tier 1 SOC Analyst–Triage Specialist performing incident response functions
with your Tier 2 and Tier 3 colleagues. It has just been determined that the zero-day
ransomware attack placed the malware on your network three weeks ago. What is the term for
this three-week period?
a. forensic gathering time
b. vulnerability testing time
c. incident prevention time
d. dwell time
Q6
What three items could be a cause of SOC analyst burnout? (Choose three.)
a. Increased workload resulting from complex data flows originating from hybrid cloud
infrastructures
b. Additional security devices that are placed on the network that increase the number of
false positive alerts
c. Improved collaborative communications between the SOC team members
d. Lack of automation to reduce the number of false positive alerts
e. Improved product integrations between various security systems
Q7
During your new-hire orientation, the CISO emphasizes that the primary goal of an MSSP SOC
provider is to focus on security operations to ensure business continuity. Which is an example of
business continuity provided by the MSSP SOC?
a. reactively patching an unstable network that costs time and resources to maintain
b. maintaining the security posture of a customer’s network infrastructure, which
provides business revenue and corporate credibility
c. bringing cybercriminals to legal justice
d. quarantining a network segment upon ransomware attack
Q8
What is the reason why the SOC must work with other departments in their activities?
a. Corporate governance dictates that the SOC cannot be solely responsible for the
cybersecurity effort.
b. From a costing standpoint, it is simply impossible to finance a SOC so that it can work
autonomously.
c. To adhere to internationally recognized standards and procedures, it is essential to have
guidance and participation from other departments during incident investigations.
d. The SOC is a relatively new corporate entity and, as such, lacks the maturity to work on
its own.
Q9
The incident response phases can be grouped into detect, respond, and recover. Which of the
following is not considered a step in any of these three phases?