Security Operations Questions
Practice questions for Security Operations topic in CompTIA SecurityX. 22 questions covering this domain.
A SOC analyst is reviewing SIEM alerts and observes that a user account authenticated successfully from two geographically distant locations within a ...
Which format is used to share structured threat intelligence indicators, including IoCs, TTPs, and threat actor profiles, between organizations?
A threat hunting team discovers beaconing behavior in network logs: an internal host makes outbound HTTPS connections to the same external IP every 30...
After a security incident, the incident response team needs to determine the sequence of events that led to the initial compromise. Which phase of the...
A security analyst notices that the SIEM is generating thousands of alerts per day for a specific rule, but investigation reveals that nearly all of t...
A SOC analyst is investigating a suspected intrusion. The analyst discovers an executable that was not detected by the endpoint protection tool. The a...
Which internal threat hunting technique deploys decoy systems or credentials to detect attacker lateral movement within the environment?
A threat hunter is searching for signs of command-and-control traffic in network logs. The hunter needs to write a detection rule that can be used acr...
A SIEM is generating a high volume of alerts for failed SSH login attempts from internal IP addresses. The SOC team determines that most of these are ...
A threat hunter is building a threat intelligence capability and wants to receive automated, structured IoC feeds from industry peers in the financial...
During a forensic investigation, a security analyst must preserve evidence from a compromised Linux server before it is taken offline. Which action mu...
A SOC team is experiencing significant alert fatigue due to a high volume of low-fidelity SIEM alerts. Many alerts require the same five manual invest...
During incident response, a SOC analyst extracts a PowerShell script from a compromised host's event logs. The script makes outbound connections to a ...
Which threat intelligence transport protocol is designed to work with STIX and enables automated machine-to-machine sharing of threat intelligence bet...
A SOC analyst is investigating a phishing email that contains a suspicious URL. Before clicking the link, the analyst needs to safely determine whethe...
What is the primary purpose of a behavior baseline in security monitoring?
A threat hunter is investigating potential DNS tunneling in the environment. DNS tunneling encodes data in DNS query and response records to exfiltrat...
A SIEM correlation rule detects that a service account authenticated to 47 different servers within a 2-minute period at 2:00 AM, downloaded large vol...
A security analyst is investigating a malware sample and needs to identify indicators of compromise (IoCs) such as file hashes, C2 IP addresses, and r...
A threat hunting team wants to query endpoint telemetry for evidence of a known adversary technique: living-off-the-land (LotL) attacks that use signe...