Certified SOC Analyst-CSA Quiz Questions and Answers

What are the responsibilities of an L1 security analyst?

Answer :
  • Monitoring security incidents 24/7 from various SOC entry channels (SIEM, e-mail, firewall, IDS, IPS)

Explanation :

https://www.edusum.com/ec-council/ecsa-ec-council-security-analyst

Which of the following commands is used to view iptables logs on Ubuntu and Debian distributions?

Answer :
  • $ tailf /var/log/kern.log

Explanation :

Default location of the kernel log file.

Which of the following event detection techniques uses User and Entity Behavior Analytics (UEBA)?

Answer :
  • Anomaly-based detection

Explanation :

Anomaly-based detection flags deviations from a baseline built from previous events.

Which of the following Windows Event IDs will help you monitor file sharing across the network?

Answer :
  • 5140

Explanation :

Default Windows Event ID.

What type of event is recorded when an application driver loads successfully in Windows?

Answer :
  • Information

Explanation :

Default Windows event level.

Which of the following factors determines the choice of SIEM architecture?

Answer :
  • Network Topology

Explanation :

The other options are not relevant.

Identify the password-cracking attempt that uses a precomputed dictionary of plaintext passwords and their corresponding hash values to crack the password.

Answer :
  • Rainbow Table Attack

Explanation :

Precomputed hash table.

Which attack works like a dictionary attack, but adds some numbers and symbols to the words from the dictionary and tries to crack the password?

Answer :
  • Hybrid Attack

Explanation :

Multiple rules applied together.

David is a SOC analyst at Karen Tech. One day an attack is initiated by intruders, but David is not able to find any suspicious events. What type of incident is this categorized as?

Answer :
  • False Negative Incidents

Explanation :

An attack occurred, but no alert was raised.

Which of the following steps of the incident handling and response process focuses on limiting the scope and extent of an incident?

Answer :
  • Containment

Explanation :

ECIH Methodology