Module 08 Security Operations

Last updated 3:05 AM on 5/1/26
20 Terms

1

Which of the following is correct about cybersecurity automation?

a. Cybersecurity operations have been more manual than automated for many years.

b. Cybersecurity automation requires both AI and ML.

c. Cybersecurity automation has been used since the very beginning of cybersecurity.

d. Threat hunting relies heavily upon cybersecurity automation.

Cybersecurity operations have been more manual than automated for many years.

2

Which of the following is NOT true about an SOC?

a. It houses the IT security team.

b. It is responsible for detecting and analyzing cybersecurity incidents.

c. It uses strictly automatic processes.

d. It responds to cybersecurity incidents.

It uses strictly automatic processes.

3

Which of the following is NOT correct regarding cybersecurity automation?

a. An SOC's reliance on manual cybersecurity processes will tip the balance in favor of attackers.

b. Modern cyberattacks are highly automated, so defenses need to be automated as well.

c. Cybersecurity automation is now required by most certification bodies.

d. Time spent on manual processes allows threat actors time to spread their malware.

Cybersecurity automation is now required by most certification bodies.

4

What is data correlation?

a. Finding linkages from multiple data sources

b. A requirement for using ML

c. A dated technology no longer used due to the introduction of SIEMs

d. Using a minimum of three external and three internal data sources to understand a zero-day attack

Finding linkages from multiple data sources.

5

Which of the following is NOT correct about data enrichment?

a. It is the enhancement of data for cybersecurity analysis.

b. It includes expanding data sources from a single organization and then combining that with similar data from other organizations.

c. It is both broad and deep.

d. It is identical to threat feed combination.

It is identical to threat feed combination.

6

What is a strict matching of bytes in an AV signature called?

a. Heuristic scanning

b. Skip scanning

c. String scanning

d. Match scanning

String scanning

7

Which of the following is NOT a disadvantage of digest and byte signature detection?

a. They are considered inaccurate.

b. They cannot always detect a cluster of malware files.

c. They are time intensive.

d. Threat actors can circumvent them by creating an armored virus.

They are considered inaccurate.

8

Which is an open standard that enables automated vulnerability management, measurement, and policy compliance evaluation?

a. SORA

b. SCAP

c. SRSR

d. SARC

SCAP

9

Which of the following are configuration best practice statements?

a. CVE

b. CCE

c. CPE

d. CWE

CCE

10

Which of the following is NOT correct about scripting?

a. JavaScript, PHP, Python, and Ruby are common scripting languages.

b. The language runtime of a scripting language is usually included in the installation of the OS.

c. Scripting has features not found in formal programming languages.

d. Scripting should not be used for automation.

Scripting should not be used for automation.

11

In which of the following processes do developers merge their changes back to the main branch of code as often as possible, even several times each day?

a. CI

b. CDE

c. CD

d. CX

CI

12

What is another name for application program interface (API) integration?

a. APIaaS

b. PaaS

c. SaaS

d. iPaaS

iPaaS

13

Which of the following involves automating and combining many tasks and processes?

a. Multitask combination (MTC)

b. Cybersecurity automation

c. Workflow orchestration

d. Autoflow

Workflow orchestration

14

Which of the following platforms can take immediate action when it detects a malicious action?

a. SIEM

b. SOAR

c. RSOC

d. SAII

SOAR

15

Which of the following technologies can learn by itself without the continual instructions of a computer programmer?

a. AI

b. RA

c. ML

d. XI

ML

16

Which of the following is NOT a risk associated with using AI in cybersecurity?

a. Attackers can cloak themselves by attempting to alter the training data that is used by ML to produce false negatives.

b. The time needed for AI to provide indicators of attacks is considered too slow to be useful today.

c. Threat actors may turn to using AI for attacks to circumvent defenses.

d. AI-powered cybersecurity applications and the devices they run on likewise have vulnerabilities that could be attacked and compromised, allowing threat actors to alter the algorithms so that they ignore attacks.

The time needed for AI to provide indicators of attacks is considered too slow to be useful today.

17

Which of the following is NOT a characteristic of threat hunting?

a. Recursive

b. Predominantly human-oriented

c. Iterative

d. Proactive

Recursive

18

Which of the following security roles has the goal of securing the environment after an alarm has been raised?

a. Incident responder

b. Penetration tester

c. SOC analyst

d. Threat hunter

Incident responder

19

Which of the following is NOT the result of successful work performed by a threat hunter?

a. Bundling critical assets

b. Creating a new data enrichment threat feed

c. Reduction of the attack surface area

d. Improvement in detection capabilities

Creating a new data enrichment threat feed

20

Which level of threat hunting uses a threat hunting team integrated across the SOC?

a. Managed

b. Quantitatively managed

c. Optimized

d. Defined

Optimized