Decoded: The Cybersecurity Podcast

ISC2 CC Domain 5: Security Operations Exam Study Questions by Edward Henriquez



Domain 5: Security Operations


What is the first step in the incident response process?

A. Containment

B. Detection and identification

C. Recovery

D. Eradication

Answer: B


What is the purpose of log analysis in security operations?

A. Enhance system performance

B. Identify and respond to suspicious activities

C. Encrypt data

D. Monitor user activity

Answer: B


Which of the following is a security incident?

A. Failed login attempt

B. Unauthorized access to sensitive files

C. Network scan from a trusted device

D. Scheduled maintenance

Answer: B


What is the purpose of a Security Information and Event Management (SIEM) system?

A. Detect malware

B. Centralize security monitoring and alerts

C. Automate patching

D. Block logins

Answer: B


What does “false positive” mean in security monitoring?

A. Actual threat detected

B. Threat blocked successfully

C. Benign activity mistaken as a threat

D. Failed login attempt

Answer: C


What is the primary purpose of vulnerability scanning?

A. Identify unpatched systems

B. Block malicious IPs

C. Encrypt communications

D. Monitor bandwidth

Answer: A


What is a common use case for a playbook in incident response?

A. Automate tasks

B. Guide teams through response

C. Configure firewall rules

D. Test vulnerabilities

Answer: B


What is the purpose of data retention policies?

A. Encrypt sensitive files

B. Define data storage duration

C. Automate backups

D. Block unauthorized access

Answer: B


Which type of malware locks users out until a ransom is paid?

A. Worm

B. Ransomware

C. Trojan

D. Spyware

Answer: B


What is the purpose of forensic analysis in security?

A. Detect ongoing attacks

B. Collect and analyze evidence

C. Enhance encryption

D. Automate scans

Answer: B


Which of the following prevents insider threats?

A. Network segmentation

B. Access monitoring and logging

C. Multi-factor authentication

D. Encryption

Answer: B


What is an important step in the post-incident process?

A. Block all external connections

B. Perform a root cause analysis

C. Encrypt logs

D. Restore access

Answer: B


Which of the following is an advanced persistent threat (APT)?

A. Phishing email

B. Long-term targeted attack by a skilled group

C. Malware via USB drives

D. Brute force attack

Answer: B


What is a zero-day vulnerability?

A. Exploited weakness before patch release

B. Outdated system vulnerability

C. Malware-infected system

D. Known weakness with no exploit

Answer: A


What is the purpose of a sandbox in malware analysis?

A. Isolate and observe suspicious programs

B. Encrypt files

C. Block traffic

D. Restore files

Answer: A


What is the role of a disaster recovery plan?

A. Restore operations after disruption

B. Prevent phishing attacks

C. Automate backups

D. Enforce compliance

Answer: A


What is the purpose of a business impact analysis (BIA)?

A. Identify critical functions and their loss impact

B. Detect malware infections

C. Test firewall efficiency

D. Test disaster plans

Answer: A


Which of the following is part of change management?

A. Evaluate risks before changes

B. Block unauthorized IPs

C. Automate vulnerability scans

D. Monitor physical access

Answer: A


What is the purpose of least privilege in access control?

A. Minimize user/system permissions

B. Encrypt data

C. Maximize productivity

D. Improve password complexity

Answer: A


What does a data loss prevention (DLP) solution do?

A. Prevents sensitive data from unauthorized access/transmission

B. Encrypts all network traffic

C. Blocks malicious email attachments

D. Restores deleted files

Answer: A


Patreon Support: https://www.patreon.com/DecodedPodcast
