Question 1

What does the term "Mean Time to Respond (MTTR)" signify in the context of security operations?

Options :

A : The average time taken to detect a threat after it enters the network

B : The average time taken by the security team to respond to and mitigate a security incident

C : The average time between identifying a threat and reporting it to stakeholders

D : The average time taken to patch a known vulnerability in the system

Answer: B

Question 2

Which characteristic best demonstrates a critical aspect of the "people" pillar in effective security operations?

Options :

A : Expertise in interpreting and analyzing security alerts generated by automated tools

B : Focus on reducing mean time to detect (MTTD) through automated systems

C : Procurement of cutting-edge cybersecurity tools and platforms

D : Outsourcing all security operations to third-party vendors

Answer: A

Question 3

As part of a cybersecurity training simulation, you are analyzing traffic logs for suspicious activities targeting a web application. Your task is to identify SQL injection techniques commonly used by attackers. Which two of the following are examples of SQL injection techniques? (Choose two)

Options :

A : Command injection

B : Union-based SQL injection

C : DNS tunneling

D : Error-based SQL injection

E : Cross-site scripting (XSS)

Answer: B,D

Question 4

Which tunneling protocol is best suited for encrypting traffic over the internet while supporting site-to-site and remote access VPNs with strong authentication features?

Options :

A : GRE (Generic Routing Encapsulation)

B : OpenVPN

C : PPTP (Point-to-Point Tunneling Protocol)

D : L2TP/IPsec (Layer 2 Tunneling Protocol with Internet Protocol Security)

Answer: D

Question 5

A Security Operations Center (SOC) team is tasked with improving their visibility across the organization’s network. Which of the following measures is the most effective to enhance visibility for threat detection and response?

Options :

A : Implementing a unified Security Information and Event Management (SIEM) system with log aggregation and analysis.

B : Relying solely on application logs for monitoring.

C : Deploying endpoint detection and response (EDR) tools to all devices.

D : Increasing the frequency of network scans to detect potential vulnerabilities.

Answer: A