1. Charline is working as an L2 SOC Analyst.
One day, an L1 SOC Analyst escalated an
incident to her for further investigation and confirmation. Charline, after a thorough
investigation, confirmed the incident and assigned it with an initial priority. What
would be her next action according to the SOC workflow?
A- She should immediately escalate this issue to the management
B- She should immediately contact the network administrator to solve the problem
C- She should communicate this incident to the media immediately
D- She should formally raise a ticket and forward it to the IRT
2. Which of the following tools can be used to filter web requests associated with the
SQL Injection attack?
A- Nmap
B- UrlScan
C- ZAP proxy
D- Hydra
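Worked example for question 2 (added here; it is not part of the original question set). A URL filter such as UrlScan has to judge the request target after decoding, so the code below runs a small set of SQL injection signatures over the decoded URL of Apache-style access-log lines and reports which clients sent suspect requests. The log lines are constructed for the demo and the signature list is an illustrative assumption, not UrlScan's rule set:

```python
import re
from urllib.parse import unquote_plus

# Constructed Apache-style access-log lines for the demo; they are not real traffic.
SAMPLE_ACCESS_LOG = """\
203.0.113.10 - - [10/Oct/2023:13:55:36 +0000] "GET /products?id=42 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.11 - - [10/Oct/2023:13:55:37 +0000] "GET /products?id=42%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9876 "-" "sqlmap/1.7"
203.0.113.12 - - [10/Oct/2023:13:55:38 +0000] "GET /search?q=union+station HTTP/1.1" 200 300 "-" "Mozilla/5.0"
203.0.113.13 - - [10/Oct/2023:13:55:39 +0000] "GET /items?id=1%20UNION%20SELECT%20username,password%20FROM%20users-- HTTP/1.1" 500 120 "-" "curl/8.0"
203.0.113.14 - - [10/Oct/2023:13:55:40 +0000] "GET /login?user=admin%27%3B%20DROP%20TABLE%20users%3B-- HTTP/1.1" 403 0 "-" "python-requests/2.31"
203.0.113.15 - - [10/Oct/2023:13:55:41 +0000] "GET /items?id=1%2520UNION%2520SELECT%25201,2,3 HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) (?P<proto>[^"]+)" (?P<status>\d{3})'
)

# Illustrative signatures (assumption); matched against the fully decoded request target, never the raw one.
SQLI_SIGNATURES = [
    (re.compile(r"'\s*(or|and)\s+'?\w+'?\s*=\s*'?\w+", re.I), "tautology"),
    (re.compile(r"\bunion\b\s+(all\s+)?select\b", re.I), "union-select"),
    (re.compile(r";\s*(drop|delete|update|insert|exec)\b", re.I), "stacked-query"),
    (re.compile(r"(--|/\*)\s*$"), "comment-terminator"),
]

def decode_fully(target, max_rounds=3):
    """Undo nested percent-encoding (%2527 -> %27 -> ') until the string stops changing."""
    for _ in range(max_rounds):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    return target

def parse_line(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["decoded_url"] = decode_fully(rec["url"])
    return rec

def classify(decoded_url):
    """Names of the signatures that fire on a decoded request target."""
    return [name for rx, name in SQLI_SIGNATURES if rx.search(decoded_url)]

def filter_sqli(log_text):
    """(client_ip, decoded_target, signatures) for every request that looks like SQL injection."""
    flagged = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        hits = classify(rec["decoded_url"])
        if hits:
            flagged.append((rec["ip"], rec["decoded_url"], hits))
    return flagged

if __name__ == "__main__":
    for ip, target, hits in filter_sqli(SAMPLE_ACCESS_LOG):
        print(f"{ip}  {', '.join(hits):32s} {target}")
```

Decoding is repeated until the string stops changing, so the double-encoded request on the last sample line is caught; a filter that only matches the raw URL misses it. The benign "union station" query shows why the union signature insists on a following SELECT rather than the bare keyword.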
3. Which of the following processes refers to discarding packets at the routing level
without informing the source that the data did not reach its intended recipient?
A- Load Balancing
B- Rate Limiting
C- Black Hole Filtering
D- Drop Requests
4. John as a SOC analyst is worried about the amount of Tor traffic hitting the network.
He wants to prepare a dashboard in the SIEM to get a graph to identify the locations
from where the Tor traffic is coming. Which of the following data sources will he use
to prepare the dashboard?
A- DHCP logs capable of maintaining IP addresses or hostnames, with IP-to-name
resolution.
B- IIS/Web Server logs with IP addresses and user agent, with IP-to-user-agent
resolution.
C- DNS/Web Server logs with IP addresses.
D- Apache/Web Server logs with IP addresses and hostname.
5. Which of the following command is used to view iptables logs on Ubuntu and Debian
distributions?
A- $ tailf /var/log/sys/kern.log
B- $ tailf /var/log/kern.log
C- # tailf /var/log/messages
D- # tailf /var/log/sys/messages
6. According to the Risk Matrix table, what will be the risk level when the probability of
an attack is very low and the impact of that attack is major?
A- High
B- Extreme
C- Low
D- Medium
7. Where will you find the reputation IP database, if you want to monitor traffic from
known bad IP reputation using OSSIM SIEM?
A- /etc/ossim/reputation
B- /etc/ossim/siem/server/reputation/data
C- /etc/siem/ossim/server/reputation.data
D- /etc/ossim/server/reputation.data
8. The Syslog message severity levels are labelled from level 0 to level 7. What does
level 0 indicate?
A- Alert
B- Notification
C- Emergency
D- Debugging
9. Which of the following formula is used to calculate the EPS of the organization?
A- EPS = average number of correlated events / time in seconds
B- EPS = number of normalized events / time in seconds
C- EPS = number of security events / time in seconds
D- EPS = number of correlated events / time in seconds
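Worked example for questions 8 and 9 (added here; it is not part of the original question set). A syslog message does not carry its severity as a word: the `<PRI>` prefix encodes facility * 8 + severity, so level 0 (Emergency) is recovered from the low three bits. The code below decodes PRI on constructed RFC 3164-style lines and then applies the EPS formula (number of events / time in seconds) over the window the lines span, also reporting the peak second, which is what a SIEM actually has to be sized for. The sample lines are constructed and the inclusive-window convention is an assumption:

```python
import re
from collections import Counter
from datetime import datetime

# Syslog severity codes: 0 is the most severe.
SEVERITY = ["Emergency", "Alert", "Critical", "Error", "Warning", "Notice", "Informational", "Debug"]

# Constructed BSD-syslog (RFC 3164 shaped) lines for the demo; not collected from a real host.
SAMPLE_SYSLOG = """\
<34>Oct 11 22:14:15 fw01 sshd[1234]: Failed password for root from 203.0.113.9 port 41122 ssh2
<38>Oct 11 22:14:15 fw01 sshd[1234]: Accepted publickey for deploy from 198.51.100.4 port 51000 ssh2
<0>Oct 11 22:14:16 fw01 kernel: panic - not syncing
<13>Oct 11 22:14:16 app02 myapp: request served in 12ms
<13>Oct 11 22:14:16 app02 myapp: request served in 9ms
<166>Oct 11 22:14:19 db01 postgres[99]: duplicate key value violates unique constraint
"""

SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<msg>.*)$"
)

def decode_pri(pri):
    """PRI = facility * 8 + severity, so the low three bits are the severity."""
    return pri >> 3, pri & 7

def parse_syslog(line):
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    facility, severity = decode_pri(int(m.group("pri")))
    return {
        "facility": facility,
        "severity": severity,
        "severity_name": SEVERITY[severity],
        # The year is absent in this format; only intra-day arithmetic is needed here.
        "ts": datetime.strptime(m.group("ts"), "%b %d %H:%M:%S"),
        "host": m.group("host"),
        "msg": m.group("msg"),
    }

def parse_all(text):
    return [r for r in (parse_syslog(l) for l in text.splitlines()) if r]

def average_eps(records):
    """Events per second over the whole window (first to last timestamp, inclusive)."""
    if not records:
        return 0.0
    times = [r["ts"] for r in records]
    window = (max(times) - min(times)).total_seconds() + 1
    return len(records) / window

def peak_eps(records):
    """Busiest single second; licensing and buffering are sized on this, not the average."""
    return max(Counter(r["ts"] for r in records).values()) if records else 0

def severity_histogram(records):
    return Counter(r["severity_name"] for r in records)

if __name__ == "__main__":
    recs = parse_all(SAMPLE_SYSLOG)
    print("average EPS:", average_eps(recs), "peak EPS:", peak_eps(recs))
    print(dict(severity_histogram(recs)))
```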
10. Which of the following technique involves scanning the headers of IP packets leaving
a network to make sure that the unauthorized or malicious traffic never leaves the
internal network?
A- Egress Filtering
B- Throttling
C- Rate Limiting
D- Ingress Filtering
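Worked example for questions 5 and 10 (added here; it is not part of the original question set). Tailing /var/log/kern.log only shows the raw lines the iptables LOG target writes; the parser below turns their key=value fields into records, derives the packet direction from the IN=/OUT= interfaces (an empty IN with OUT set means a locally generated packet, which is what egress filtering is concerned with), and flags outbound packets whose protocol/port is not on an allow-list. The kern.log lines, the log prefixes and the allow-list are constructed for the demo:

```python
import re
from collections import Counter

# Constructed lines in the shape the iptables LOG target writes to /var/log/kern.log on
# Ubuntu/Debian (the prefixes come from --log-prefix); they are not from a real host.
SAMPLE_KERN_LOG = """\
Oct 10 13:55:36 gw kernel: [ 8123.442311] IPT-DROP: IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=44321 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Oct 10 13:55:37 gw kernel: [ 8124.101873] IPT-DROP: IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=44322 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Oct 10 13:55:38 gw kernel: [ 8125.330021] IPT-DROP: IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=198.51.100.77 DST=192.0.2.10 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=31337 DF PROTO=TCP SPT=61000 DPT=3389 WINDOW=8192 RES=0x00 SYN URGP=0
Oct 10 13:55:39 gw kernel: [ 8126.004410] IPT-EGRESS: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.9 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4201 DF PROTO=TCP SPT=50123 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
Oct 10 13:55:40 gw kernel: [ 8127.220876] IPT-EGRESS: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4202 DF PROTO=TCP SPT=50124 DPT=6667 WINDOW=64240 RES=0x00 SYN URGP=0
Oct 10 13:55:41 gw kernel: [ 8128.551902] IPT-EGRESS: IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.53 LEN=73 TOS=0x00 PREC=0x00 TTL=64 ID=4203 DF PROTO=UDP SPT=39011 DPT=53 LEN=53
Oct 10 13:55:42 gw kernel: [ 8129.000001] usb 1-1: new high-speed USB device number 3 using xhci_hcd
"""

# Optional "[ uptime ]" stamp, then the --log-prefix text, then the key=value fields starting at IN=.
IPT_RE = re.compile(r"kernel:\s*(?:\[\s*[\d.]+\]\s*)?(?P<prefix>.*?)\s*(?P<kv>\bIN=.*)$")

def parse_iptables_line(line):
    """Return the LOG target's key=value fields plus a direction derived from IN/OUT, or None."""
    m = IPT_RE.search(line)
    if not m:
        return None
    rec = dict(re.findall(r"(\w+)=(\S*)", m.group("kv")))   # bare flags like DF/SYN are ignored
    rec["prefix"] = m.group("prefix").rstrip(": ")
    if rec.get("OUT") and not rec.get("IN"):
        rec["direction"] = "outbound"      # locally generated: egress-filter territory
    elif rec.get("IN") and not rec.get("OUT"):
        rec["direction"] = "inbound"
    else:
        rec["direction"] = "forward"
    return rec

def parse_all(text):
    return [r for r in (parse_iptables_line(l) for l in text.splitlines()) if r]

def top_sources(records, direction="inbound", n=3):
    """Noisiest remote sources for one direction, e.g. for a SIEM dashboard."""
    return Counter(r["SRC"] for r in records if r["direction"] == direction).most_common(n)

def egress_violations(records, allowed):
    """Outbound packets whose (PROTO, DPT) is not on the allow-list; ICMP has no DPT and maps to 0."""
    bad = []
    for r in records:
        if r["direction"] != "outbound":
            continue
        if (r.get("PROTO"), int(r.get("DPT", 0))) not in allowed:
            bad.append(r)
    return bad

if __name__ == "__main__":
    recs = parse_all(SAMPLE_KERN_LOG)
    print("inbound top talkers:", top_sources(recs))
    for r in egress_violations(recs, {("TCP", 80), ("TCP", 443), ("UDP", 53)}):
        print("egress violation:", r["SRC"], "->", r["DST"], r["PROTO"], r["DPT"])
```

On a live host, feed `sudo tail -F /var/log/kern.log` into a loop over parse_iptables_line; rules that produce such lines look like `iptables -A OUTPUT -j LOG --log-prefix "IPT-EGRESS: "`. Note that tailf has been removed from current util-linux releases, so `tail -F` is the portable choice even though the question's answer key uses tailf.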
11. What is the protocol commonly used for key exchange, where the keys are mutually
derived rather than directly exchanged?
A. OAKLEY
B. AES
C. Diffie-Hellman
D. PGP
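Worked example for question 11 (added here; it is not part of the original question set). In Diffie-Hellman neither side ever sends a key: each keeps a private exponent, publishes g^a mod p, and both compute the same value from the other party's public number. The script below runs both sides of that exchange and shows what an eavesdropper gets to see. The prime 2**521 - 1, the generator 5, the range check on peer values and the SHA-256 key derivation are demo assumptions, not a standardised group or KDF:

```python
import hashlib
import secrets

# Demo group (assumption): p = 2**521 - 1 is prime (a Mersenne prime), which keeps the numbers
# visibly non-toy, but it is NOT a standardised DH group. Production code uses RFC 3526 / RFC 7919
# groups or ECDH, where the generator spans a large prime-order subgroup.
P = 2**521 - 1
G = 5

def valid_public(value, p=P):
    """Reject 0, 1 and p-1, which would force a predictable shared secret."""
    return 2 <= value <= p - 2

def keypair(p=P, g=G):
    """The private exponent a stays local; only A = g^a mod p is sent."""
    a = secrets.randbelow(p - 3) + 2          # 2 <= a <= p-2
    return a, pow(g, a, p)

def shared_secret(own_private, peer_public, p=P):
    if not valid_public(peer_public, p):
        raise ValueError("peer public value out of range")
    return pow(peer_public, own_private, p)

def derive_key(shared, p=P, label=b"dh-demo"):
    """Hash the group element into a fixed-size symmetric key (a simplified KDF)."""
    width = (p.bit_length() + 7) // 8
    return hashlib.sha256(label + shared.to_bytes(width, "big")).digest()

def run_exchange(p=P, g=G):
    """Both sides derive the same key; the wire only ever carries p, g, A and B."""
    a, A = keypair(p, g)              # Alice
    b, B = keypair(p, g)              # Bob
    wire = {"p": p, "g": g, "A": A, "B": B}
    k_alice = derive_key(shared_secret(a, B, p), p)
    k_bob = derive_key(shared_secret(b, A, p), p)
    return k_alice, k_bob, wire

if __name__ == "__main__":
    ka, kb, wire = run_exchange()
    print("keys match:", ka == kb, "| eavesdropper sees:", sorted(wire))
```

The range check matters in practice: a peer that sends 1 or p-1 forces the shared value into {1, p-1} regardless of the honest side's private exponent, which is why real implementations validate public values before exponentiating.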
12. What technique would a malware author use to try to make it past an anti-malware
solution?
A. Disassembly
B. Obfuscation
C. Reverse engineering
D. Dropper
13. Which Nmap parameter would allow you to perform tasks like getting the Server
Message Block workgroup a system is in?
A- --script
B- -sScript
C- -sSMB
D- -sS
14. Which of these is an exploit that takes advantage of a vulnerability in the Server
Message Block protocol to compromise systems remotely?
A. WannaCry
B. BigBlue
C. EternalBlue
D. ShadowBrokers
15. What type of firewall would operate at layer 7 of the OSI model?
A. Stateful firewall
B. Deep packet inspection firewall
C. Web application firewall
D. Access control list
16. What is another term for masquerading?
A. Doppelganger
B. Ghost
C. Impersonation
D. Dual persona
17. What are the security functions described by the NIST Cybersecurity Framework?
A. Protect, Detect, Respond
B. Plan, Do, Check, Act
C. Identify, Plan, Check, Recover
D. Identify, Protect, Detect, Respond, Recover
18. Calvin, a software developer, uses a feature that helps him auto-generate the
content of a web page without manual involvement and is integrated with SSI directives. This
leads to a vulnerability in the developed web application as this feature accepts remote user
inputs and uses them on the page. Hackers can exploit this feature and pass malicious SSI
directives as input values to perform malicious activities such as modifying and erasing server
files. What is the type of injection attack Calvin's web application is susceptible to?
A. Server-side template injection
B. Server-side JS injection
C. CRLF injection
D. Server-side includes injection
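Worked example for question 18 (added here; it is not part of the original question set). It puts the vulnerable page builder beside a hardened one: the template, the payload and the neutralisation routine are constructed assumptions, and the server-side SSI evaluation is simulated by a regex that only reports which directives an SSI-enabled server would execute; nothing is run.

```python
import html
import re

# An SSI-enabled server evaluates directives of the form <!--#cmd args -->.
SSI_DIRECTIVE = re.compile(r"<!--#\s*(\w+)\s+(.*?)\s*-->", re.S)

# Constructed .shtml template (assumption): the page legitimately pulls in a header via SSI,
# and the greeting is built from a request parameter.
PAGE_TEMPLATE = """<html><body>
<!--#include virtual="/header.shtml" -->
<p>Hello, {name}</p>
</body></html>
"""

def build_page_vulnerable(name):
    """User input is dropped straight into an SSI-processed page."""
    return PAGE_TEMPLATE.format(name=name)

def neutralise_ssi(value):
    """HTML-encode the metacharacters SSI needs; '#' is encoded too so '<!--#' can never be rebuilt.
    Order matters: '&<>' first, then '#', then the quotes (whose entities themselves contain '#')."""
    out = html.escape(value, quote=False)
    out = out.replace("#", "&#35;")
    return out.replace('"', "&quot;").replace("'", "&#39;")

def build_page_hardened(name):
    return PAGE_TEMPLATE.format(name=neutralise_ssi(name))

def directives_that_would_run(page):
    """(directive, arguments) pairs an SSI-enabled server would evaluate in this page."""
    return [(d, args) for d, args in SSI_DIRECTIVE.findall(page)]

if __name__ == "__main__":
    payload = '<!--#exec cmd="cat /etc/passwd" -->'
    print("vulnerable:", directives_that_would_run(build_page_vulnerable(payload)))
    print("hardened:  ", directives_that_would_run(build_page_hardened(payload)))
```

Output encoding is the page-level fix; on Apache, `Options IncludesNOEXEC` additionally disables the exec directive for a directory, and user-supplied content should not be served through SSI-processed paths at all.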
19. Josh has finished scanning a network and has discovered multiple vulnerable services. He
knows that several of these usually have protections against external sources but are
frequently susceptible to internal users. He decides to draft an email, spoof the sender as the
internal IT team, and attach a malicious file disguised as a financial spreadsheet. Before Josh
sends the email, he decides to investigate other methods of getting the file onto the system.
For this particular attempt, what was the last stage of the cyber kill chain that Josh
performed?
A. Exploitation
B. Weaponization
C. Delivery
D. Reconnaissance
20. Shellshock allowed an unauthorized user to gain access to a server and affected many
Internet-facing services. Which OS did it not directly affect?
A. Linux
B. Unix
C. OS X
D. Windows