Cyberops quiz

SOAR predicts and prevents security alerts, while SIEM checks attack patterns and applies the mitigation.

SIEM predicts and prevents security alerts, while SOAR checks attack patterns and applies the mitigation.

SOAR's primary function is to collect and detect anomalies, while SIEM is more focused on security operations automation and response.

SIEM's primary function is to collect and detect anomalies, while SOAR is more focused on security operations automation and response.

SPAN improves the detection of media errors, while Tap provides direct access to traffic with lowered data visibility.

SPAN passively splits traffic between a network device and the network without altering it, while Tap alters response times.

Tap mirrors existing traffic from specified ports, while SPAN presents more structured data for deeper analysis.

Tap sends traffic from physical layers to the monitoring device, while SPAN provides a copy of network traffic from switch to destination.

Run ps -m to capture the existing state of daemons and map required processes to find the gap

Run ps -d to decrease the priority state of high load processes to avoid resource exhaustion

Run ps -u to find out who executed additional processes that caused a high load on a server

Run ps -ef to understand which processes are taking a high amount of resources

an organizational approach to events that could lead to asset loss or disruption of operations

an organizational approach to system backup and data archiving aligned to regulations

an organizational approach to disaster recovery and timely restoration of operational services

an organizational approach to security management to ensure a service lifecycle and continuous improvements

3DES

HMAC

MD5

AES

SHA

heuristics-based

behaviour-based

signature-based

routing-based

DHCP

DNS

ICMP

HTTP/HTTPS

active mode

mixed mode

passive mode

open mode

log collection

normalization

compliance

aggregation

network maintenance policy

remote access policy

acceptable use policy

incident handling procedures policy