Cybersecurity Notes

Social Engineering is the art of manipulating people into performing actions or disclosing
confidential information that could be used for fraudulent or malicious purposes. This can
include email phishing, phone scams, and in-person deception.

Here are some types of Social Engineering attacks:

● Phishing: Sending fraudulent emails that trick users into clicking links or downloading
malicious attachments.
● Baiting: Using the promise of free goods, such as a USB drive, to lure users into clicking
a malicious link or installing malware.
● Pretexting: Using a fabricated scenario to convince a user to hand over confidential
information. For example, pretending to be from tech support and asking for login
credentials.
● Quid Pro Quo: Offering something in exchange for confidential information, such as a
"prize" for taking a survey that includes personal data.
● Tailgating: Using a legitimate person's security credentials to gain unauthorized access
to a building or secure area.
● Vishing: Carrying out phishing attacks over the phone, often by spoofing caller ID
information to appear legitimate.
● Diversion Theft: This is where attackers create a diversion, such as a fire alarm, to
distract security while they steal valuable information or assets.
● Shoulder Surfing: The physical act of looking over someone's shoulder to steal
information, such as passwords or PIN codes.
● Scareware: The use of fake pop-up windows or warnings that trick users into installing
malware or providing personal information.
● Smishing: A type of phishing attack carried out over SMS (text) messages, often using a
shortened URL or a malicious attachment.

DHCP stands for Dynamic Host Configuration Protocol. It's a network protocol that
automatically assigns IP addresses and other network configurations to devices on a network.
This allows devices to join a network and automatically receive the necessary network
configuration information.

SSL stands for Secure Sockets Layer. It's a standard security protocol used to encrypt the
communication between a web browser and a web server. The web server must have an SSL
certificate that allows the browser to create a secure, encrypted connection. This is indicated by
the "https" in the URL and the padlock symbol in the address bar.

Phishing: Phishing is a type of cyber attack where attackers use deceptive emails, websites, or
messages to trick individuals into providing sensitive information such as passwords, credit card
numbers, or other personal data.
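The phishing and smishing indicators described in these notes (a sender domain that is not the organisation's real one, a shortened URL that hides its destination, a plain-HTTP link, and link text that shows one site while the link goes to another) can be checked mechanically when an analyst triages a reported message. This is an added example, not part of the original notes; the sample message, the shortener list and the expected domain are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample message for illustration (not taken from the original notes).
SAMPLE_MESSAGE = {
    "from_addr": "support@examp1e-bank-login.test",
    "body": (
        'Your account is locked. Verify now at '
        '<a href="http://bit.ly/xyz123">https://www.example-bank.test/login</a> '
        'or see <a href="https://www.example-bank.test/help">help</a>.'
    ),
}

# Constructed list of URL-shortener domains; a shortened link hides its real destination.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}

ANCHOR_RE = re.compile(r'<a\s+href="([^"]+)">([^<]+)</a>', re.IGNORECASE)


def registrable_domain(host):
    """Crude 'last two labels' domain: 'www.example.test' -> 'example.test'."""
    return ".".join(host.lower().split(".")[-2:])


def phishing_indicators(msg, expected_domain):
    """Return the list of phishing indicators found in msg.

    expected_domain is the real domain of the organisation the sender claims
    to represent; the analyst supplies it from an allow-list.
    """
    findings = []
    sender_domain = msg["from_addr"].split("@")[-1]
    if registrable_domain(sender_domain) != expected_domain:
        findings.append(f"sender domain {sender_domain} is not {expected_domain}")
    for href, text in ANCHOR_RE.findall(msg["body"]):
        parsed = urlparse(href)
        href_host = parsed.hostname or ""
        if href_host in SHORTENERS:
            findings.append(f"shortened URL hides destination: {href}")
        if parsed.scheme == "http":
            findings.append(f"plain HTTP link, no TLS: {href}")
        # Link text that itself looks like a URL must point where it claims to.
        text_host = urlparse(text.strip()).hostname
        if text_host and registrable_domain(text_host) != registrable_domain(href_host):
            findings.append(f"link text shows {text_host} but goes to {href_host}")
    return findings
```

Running it on SAMPLE_MESSAGE with expected domain example-bank.test yields four indicators; a message from the real domain with a matching link yields none.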

Difference between HTTPS and HTTP
HTTP and HTTPS are two versions of the Hypertext Transfer Protocol, which is used for
communication on the internet. Here are the main differences between the two:

HTTP (Hypertext Transfer Protocol):

- It is the foundation of data communication on the World Wide Web.
- It is unencrypted, and data sent over HTTP can be intercepted by a third party.
- It's often used for public websites that don't require sensitive data transfer.

HTTPS (Hypertext Transfer Protocol Secure):

- It is an extension of HTTP that adds a layer of security to data communication on the internet.
- It uses an SSL (Secure Sockets Layer) or TLS (Transport Layer Security) certificate to encrypt
data sent between the server and the browser.

Malware: Malware, short for malicious software, is any software intentionally designed to
cause damage to a computer, server, client, or computer network.

Ransomware: It's a type of malware that encrypts the files on a computer and demands a
ransom payment to decrypt them. Ransomware attacks can cripple organizations by encrypting
important files and demanding payment for their release.

Trojan Horse: A Trojan horse, or Trojan, is a type of malware that disguises itself as legitimate
software, but once installed on a computer, it can enable unauthorized access, steal sensitive
information, or cause damage to the system.

Honeypotting: A honeypot is a computer system or network designed to be vulnerable to
attacks. It's used to detect, deflect, or study attempts at unauthorized use of information
systems. When a hacker tries to access the honeypot, their activity is monitored, allowing
administrators to take appropriate security measures.

IPsec stands for Internet Protocol Security. It is a set of protocols used to secure internet protocol
(IP) communications by authenticating and encrypting each IP packet in a data stream.

VPN stands for Virtual Private Network. A VPN is a technology that creates a secure and
encrypted connection over a public network, such as the internet.
It works by creating a virtual tunnel between your device and the VPN server. All your internet
traffic is encrypted and routed through this tunnel, making it difficult for anyone to intercept or
tamper with your data.

There are two main types of VPNs:

1. Remote-access VPNs: These allow you to access a private network from a remote location.
2. Site-to-site VPNs: Unlike remote-access VPNs, site-to-site VPNs connect two or more private
networks, allowing secure communication between them.

A firewall is a network security device or software that monitors and controls incoming and
outgoing network traffic based on predetermined security rules. It acts as a barrier between a
trusted internal network and untrusted external networks (such as the internet), filtering traffic
to prevent unauthorized access and protect against cyber attacks.
1. Packet filtering firewalls:
2. Application-level gateways
3. Stateful inspection firewalls:
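The firewall types are only named above. As an added example that is not part of the original notes, the simulation below contrasts the first and the third: a packet filtering firewall judges every packet on its own against the rule table, while a stateful inspection firewall also remembers connections the inside opened, so it can admit their replies without a blanket inbound rule. The addresses, rule table and packets are constructed for illustration.

```python
from dataclasses import dataclass

INTERNAL_NET = "10.0.0."  # constructed: addresses with this prefix are "inside"


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool  # True for a packet that opens a new connection


def is_outbound(pkt):
    return pkt.src_ip.startswith(INTERNAL_NET)


# Rule table: (direction, destination port) pairs that are allowed; all else is denied.
RULES = [("out", 443), ("out", 53)]


def stateless_filter(pkt):
    """Packet filtering firewall: each packet is judged alone against RULES."""
    direction = "out" if is_outbound(pkt) else "in"
    return any(d == direction and p == pkt.dst_port for d, p in RULES)


class StatefulFirewall:
    """Stateful inspection: remembers connections the inside opened and admits
    their replies, while still denying unsolicited inbound packets."""

    def __init__(self):
        self.flows = set()

    def allow(self, pkt):
        if stateless_filter(pkt):
            if pkt.syn and is_outbound(pkt):
                self.flows.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return True
        # No rule matched: admit only a non-SYN reply to a tracked outbound flow.
        reverse = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        return not pkt.syn and reverse in self.flows


# Constructed traffic: inside host opens HTTPS to a web server, the server replies,
# then an outside host tries to open a connection to the inside host unsolicited.
OUTBOUND_SYN = Packet("10.0.0.5", 51000, "203.0.113.10", 443, syn=True)
SERVER_REPLY = Packet("203.0.113.10", 443, "10.0.0.5", 51000, syn=False)
UNSOLICITED = Packet("198.51.100.7", 40000, "10.0.0.5", 443, syn=True)


def compare():
    """Verdicts for the three packets, in order, from each firewall type."""
    fw = StatefulFirewall()
    traffic = (OUTBOUND_SYN, SERVER_REPLY, UNSOLICITED)
    return {"stateless": [stateless_filter(p) for p in traffic],
            "stateful": [fw.allow(p) for p in traffic]}
```

The packet filter drops the server's legitimate reply because no rule covers it, which is why stateless deployments end up with broad inbound rules; the stateful firewall admits that reply yet still drops the unsolicited connection attempt.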

What is EDR?
EDR stands for Endpoint Detection and Response. It is a security solution that helps protect
against advanced threats by continuously monitoring endpoint activity, such as the behavior of
processes, network connections, and file system activity. It detects potential malicious behavior
and responds automatically to mitigate the damage.

The "endpoint" refers to any computing device, such as a laptop, desktop, or server, that's
connected to the network.
Some features of EDR include:

The difference between DoS and DDoS attacks:

DoS (Denial of Service) attack: A single computer or device floods a target network or server
with so much traffic that it becomes overwhelmed and stops responding to legitimate requests.
Examples of DoS: buffer overflow attacks and ping of death.

DDoS (Distributed Denial of Service) attack: A DDoS attack is a powerful form of DoS attack
where multiple infected systems target a single network, bombarding it with a flood of traffic.
Examples of DDoS: botnet-based and Internet of Things (IoT) based DDoS.

Here's the lowdown on SIEM (Security Information and Event Management):

- SIEM is a tool that helps organizations collect, store, and analyze data from various sources,
such as firewalls, intrusion detection systems, and servers.
- It helps security analysts detect and respond to threats by correlating data from multiple
sources and generating alerts based on predefined rules and thresholds.
- SIEM tools can also be used for compliance monitoring, log management, and forensics.
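A SIEM correlation rule of the kind described above, as an added example that is not part of the original notes: it reads constructed log lines from two sources (a firewall and an SSH server), applies a threshold (several failed logins from one source within a time window followed by a success), and raises the alert's severity when the firewall log shows the same source probing other ports. The log lines, thresholds and window are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs from two sources (firewall and SSH server); not real data.
FW_LOG = """\
2024-05-01T09:58:00 fw: DENY tcp 198.51.100.7 -> 10.0.0.5:23
2024-05-01T09:58:01 fw: DENY tcp 198.51.100.7 -> 10.0.0.5:3389
2024-05-01T09:58:02 fw: DENY tcp 198.51.100.7 -> 10.0.0.5:445
"""
AUTH_LOG = """\
2024-05-01T10:00:01 sshd: Failed password for admin from 198.51.100.7
2024-05-01T10:00:05 sshd: Failed password for admin from 198.51.100.7
2024-05-01T10:00:09 sshd: Failed password for root from 198.51.100.7
2024-05-01T10:00:20 sshd: Accepted password for admin from 198.51.100.7
2024-05-01T10:05:00 sshd: Failed password for bob from 192.0.2.44
2024-05-01T10:05:30 sshd: Accepted password for bob from 192.0.2.44
"""
FW_RE = re.compile(r"^(\S+) fw: DENY tcp (\S+) -> \S+$")
AUTH_RE = re.compile(r"^(\S+) sshd: (Failed|Accepted) password for \S+ from (\S+)$")

FAIL_THRESHOLD = 3              # failed logins needed before a success is suspicious
WINDOW = timedelta(seconds=60)  # failures older than this are not counted
SCAN_THRESHOLD = 3              # firewall denies that mark the source as a scanner


def correlate(fw_log, auth_log):
    """Return (ip, severity) alerts for brute-force logins that succeeded.

    Severity is 'high' when the firewall also saw the same IP being denied on
    other ports: that cross-source check is what a SIEM correlation rule adds."""
    denies = defaultdict(int)
    for line in fw_log.splitlines():
        m = FW_RE.match(line)
        if m:
            denies[m.group(2)] += 1
    failures = defaultdict(list)
    alerts = []
    for line in auth_log.splitlines():
        m = AUTH_RE.match(line)
        if not m:
            continue
        ts, outcome, ip = datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)
        if outcome == "Failed":
            failures[ip].append(ts)
            continue
        recent = [t for t in failures[ip] if ts - t <= WINDOW]
        if len(recent) >= FAIL_THRESHOLD:
            alerts.append((ip, "high" if denies[ip] >= SCAN_THRESHOLD else "medium"))
        failures[ip].clear()  # a success closes the window for this source
    return alerts
```

On the sample data only 198.51.100.7 trips the rule, and it is rated high because the firewall saw it probing three other ports first; bob's single failure followed by a success is below the threshold and produces nothing.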

IDS stands for Intrusion Detection System. It is a security tool that monitors network or system
activities for malicious activities or policy violations.

IPS stands for Intrusion Prevention System. It is a security tool that actively monitors network
traffic for malicious activities or policy violations and takes automated actions to block or
prevent detected threats in real-time.

When asked in a SOC L1 interview how you would cope with a high volume of work on the
software or tool used to detect incidents, here are some short steps you can describe:

1. Prioritize Alerts: Prioritize alerts based on severity levels to address critical incidents first.
2. Follow Standard Operating Procedures (SOPs): Follow standard operating procedures (SOPs)
for detecting and responding to incidents to maintain consistency and efficiency in incident
management.
3. Collaborate with Team: Communicate with team members to share workload, seek
assistance, and collaborate on resolving incidents effectively.
4. Utilize Playbooks: Consult predefined playbooks or response guides to follow standardized
procedures for specific types of incidents.
5. Document Actions: Keep detailed records of actions taken, findings, and resolutions for each
incident to maintain an audit trail and facilitate post-incident analysis.

By following these steps, you can demonstrate your ability to effectively manage a high volume
of work on a security tool during a SOC L1 interview.
