Charline is working as an L2 SOC Analyst. One day, an L1 SOC Analyst escalated an incident to her for
further investigation and confirmation. Charline, after a thorough investigation, confirmed the
incident and assigned it with an initial priority.
What would be her next action according to the SOC workflow?
Which of the following tool can be used to filter web requests associated with the SQL Injection
Which of the following process refers to the discarding of the packets at the routing level without
informing the source that the data did not reach its intended recipient?
John as a SOC analyst is worried about the amount of Tor traffic hitting the network. He wants to
prepare a dashboard in the SIEM to get a graph to identify the locations from where the TOR traffic is
Which of the following data source will he use to prepare the dashboard?
Which of the following contains the performance measures, and proper project and time
of the following technique protects from flooding attacks originated from the valid prefixes (IP
addresses) so that they can be traced to its true source?
Which of the following data source will a SOC Analyst use to monitor connections to the insecure
of the following steps of incident handling and response process focus on limiting the scope and
extent of an incident?
Which of the following stage executed after identifying the required event sources?
Which of the following attack can be eradicated by disabling of "allow_url_fopen and
allow_url_include" in the php.ini file?
In which log collection mechanism, the system or application sends log records either on the local
disk or over the network.
Identify the attack in which the attacker exploits a target system through publicly known but still
Peter, a SOC analyst with Spade Systems, is monitoring and analyzing the router logs of the company
and wanted to check the logs that are generated by access control list numbered 210.
What filter should Peter add to the 'show logging' command to get the required output?
Rinni, SOC analyst, while monitoring IDS logs detected events shown in the figure below.
What does this event log indicate?
Which of the following is a correct flow of the stages in an incident handling and response (IH&R)