
Domain 5: Security Operations
What is the first step in the incident response process?
A. Containment
B. Detection and identification
C. Recovery
D. Eradication
Answer: B
What is the purpose of log analysis in security operations?
A. Enhance system performance
B. Identify and respond to suspicious activities
C. Encrypt data
D. Monitor user activity
Answer: B
Which of the following is a security incident?
A. Failed login attempt
B. Unauthorized access to sensitive files
C. Network scan from a trusted device
D. Scheduled maintenance
Answer: B
What is the purpose of a Security Information and Event Management (SIEM) system?
A. Detect malware
B. Centralize security monitoring and alerts
C. Automate patching
D. Block logins
Answer: B
What does “false positive” mean in security monitoring?
A. Actual threat detected
B. Threat blocked successfully
C. Benign activity mistaken for a threat
D. Failed login attempt
Answer: C
What is the primary purpose of vulnerability scanning?
A. Identify unpatched systems
B. Block malicious IPs
C. Encrypt communications
D. Monitor bandwidth
Answer: A
What is a common use case for a playbook in incident response?
A. Automate tasks
B. Guide teams through response
C. Configure firewall rules
D. Test vulnerabilities
Answer: B
What is the purpose of data retention policies?
A. Encrypt sensitive files
B. Define data storage duration
C. Automate backups
D. Block unauthorized access
Answer: B
Which type of malware locks users out until a ransom is paid?
A. Worm
B. Ransomware
C. Trojan
D. Spyware
Answer: B
What is the purpose of forensic analysis in security?
A. Detect ongoing attacks
B. Collect and analyze evidence
C. Enhance encryption
D. Automate scans
Answer: B
Which of the following prevents insider threats?
A. Network segmentation
B. Access monitoring and logging
C. Multi-factor authentication
D. Encryption
Answer: B
What is an important step in the post-incident process?
A. Block all external connections
B. Perform a root cause analysis
C. Encrypt logs
D. Restore access
Answer: B
Which of the following is an advanced persistent threat (APT)?
A. Phishing email
B. Long-term targeted attack by a skilled group
C. Malware via USB drives
D. Brute force attack
Answer: B
What is a zero-day vulnerability?
A. Exploited weakness before patch release
B. Outdated system vulnerability
C. Malware-infected system
D. Known weakness with no exploit
Answer: A
What is the purpose of a sandbox in malware analysis?
A. Isolate and observe suspicious programs
B. Encrypt files
C. Block traffic
D. Restore files
Answer: A
What is the role of a disaster recovery plan?
A. Restore operations after disruption
B. Prevent phishing attacks
C. Automate backups
D. Enforce compliance
Answer: A
What is the purpose of a business impact analysis (BIA)?
A. Identify critical functions and their loss impact
B. Detect malware infections
C. Test firewall efficiency
D. Test disaster plans
Answer: A
Which of the following is part of change management?
A. Evaluate risks before changes
B. Block unauthorized IPs
C. Automate vulnerability scans
D. Monitor physical access
Answer: A
What is the purpose of least privilege in access control?
A. Minimize user/system permissions
B. Encrypt data
C. Maximize productivity
D. Improve password complexity
Answer: A
What does a data loss prevention (DLP) solution do?
A. Prevents sensitive data from unauthorized access/transmission
B. Encrypts all network traffic
C. Blocks malicious email attachments
D. Restores deleted files
Answer: A
Patreon Support:
https://www.patreon.com/DecodedPodcast