Exam Questions and Correct Answers with
Rationale (100% verified answers) Q & A 2026
1.
What is the primary role of a SOC analyst?
A. Software development
B. Monitoring and responding to security incidents
C. Hardware maintenance
D. Database administration
Answer: B
Rationale: SOC analysts focus on detecting, analyzing, and responding to
cybersecurity threats.
2.
Which tool is commonly used for SIEM?
A. Wireshark
B. Splunk
C. Metasploit
D. Nmap
Answer: B
Rationale: Splunk is a widely used Security Information and Event Management
(SIEM) platform.
3.
What does SIEM stand for?
A. Secure Internet Event Monitoring
B. Security Information and Event Management
C. System Integration and Endpoint Monitoring
D. Security Internal Event Mapping
Answer: B
Rationale: SIEM collects and analyzes security logs from multiple sources.
4.
Which attack involves overwhelming a system with traffic?
A. Phishing
B. DDoS
C. Spoofing
D. SQL injection
Answer: B
Rationale: DDoS floods a system to make it unavailable.
5.
What is the first step in incident response?
A. Eradication
B. Containment
C. Identification
D. Recovery
Answer: C
Rationale: Identifying the incident is the first phase in the incident response
lifecycle.
6.
Which protocol is used for secure remote login?
A. HTTP
B. FTP
C. SSH
D. Telnet
Answer: C
Rationale: SSH encrypts remote sessions for secure communication.
7.
What does a false positive mean in SOC monitoring?
A. Real attack detected
B. Benign activity flagged as malicious
C. Malware infection
D. Firewall failure
Answer: B
Rationale: False positives occur when harmless activity is incorrectly flagged.
8.
Which malware spreads without user interaction?
A. Trojan
B. Worm
C. Adware
D. Keylogger
Answer: B
Rationale: Worms self-replicate across networks automatically.
9.
What is phishing?
A. Network scanning
B. Social engineering attack via fake messages
C. Encryption method
D. Firewall rule
Answer: B
Rationale: Phishing tricks users into revealing sensitive data.
10.
Which log is most important for SOC analysis?
A. Printer logs
B. Security logs
C. Video logs
D. Audio logs
Answer: B
Rationale: Security logs provide information about system access and threats.
11.
What does IDS stand for?
A. Internet Defense System
B. Intrusion Detection System
C. Internal Data Service
D. Integrated Defense Software
Answer: B
Rationale: IDS monitors network traffic for malicious activity.
12.
What does IPS do?
A. Detects only
B. Prevents and blocks threats
C. Stores logs