
Questions

The document consists of a series of questions related to network security, user authentication, intrusion detection systems, incident management, and cybersecurity concepts. It includes multiple-choice questions that require selecting the correct sequences or identifying the appropriate responses based on given scenarios. Topics covered include log analysis methods, types of security incidents, and features of security information and event management (SIEM) systems.

Uploaded by

chaitrika0101

Questions

Q 1. What will be the correct order of the steps to be followed with respect to user
authentication issues in network security?

a. Devise plans to handle any escalations that may arise.

b. Set up threshold values for the failed login event to prevent false alarms.

c. Ensure every failed attempt at login is logged.

Refer to the given list and select the option with the correct sequence.

1. b-a-c
2. c-b-a
3. b-c-a
4. a-c-b

Q 1. What is the right sequence of tasks that are performed by the intrusion detection system
(IDS)?

(i) Compare signatures for verifying the suspicious data traffic

(ii) Stop suspicious data from reaching the target system

(iii) Create a copy of data packet

(iv) Allow the actual packet flow forwarding

Refer to the given list and select the option with the correct sequence.

1) 2-4-1-3
2) 3-1-4-2
3) 3-4-1-2
4) 3-2-1-4

Q 2. Which data source will help identify events in the network that may breach security?

a) Data obtained from Syslog events
b) Data obtained from flow-based protocols
c) Data obtained using SNMP from network devices
d) Data obtained using WMI from network servers

Q 3. Which option indicates the detection use case that might have been used by the SIEM in
reporting the anomaly of a user account that is found to be compromised?

1. A service account login that had carried out some software updates and patches
2. A device that has been transmitting less data than usual over a period of time to an external source
3. An administrator account that was trying to access sensitive data
4. User login was taking place from unusual locations

Q 5. What will be the type of log if a particular log shows various applications and files used
on various devices on the network?

1. Windows Event Log
2. Endpoint Log
3. Application Log
4. Proxy Log

Q 6. Which one of the following log analysis methods is used to convert diverse log entities
into a standard format that can be used for pattern recognition?

1. Normalization
2. Classification
3. Correlation
4. Tagging

Q 7. What is the correct order of steps that will be carried out during incident management?

1. Escalate the incident
2. Resolve the incident
3. Close the incident
4. Log the incident
5. Screen the incident

Refer to the given list and select the option with the correct sequence.

1. 4-1-3-5-2
2. 5-1-3-2-4
3. 1-4-5-2-3
4. 4-5-1-2-3
5. 4-5-1-2-3

Q 8. Which type of request from the employees in an organization will be handled by the
Service Request Management team?

1. Complaint about the webpage
2. Continuous interruption while testing the application
3. Feedback regarding a recent security patch
4. Report an important loophole in the security patch

Q 9. Which term refers to an unplanned interruption such as outages or a component failure
that affects a single user or a service in an organization?

1. Requests
2. Alarms
3. Events
4. Incidents

Q 11. Which option indicates an important item that is included in the Shift Handover form
for effective shift handover among employees?

1. Responsibilities assigned to each member of both completed and upcoming shifts
2. Break schedule of all the members for the upcoming shift
3. Plan of action for the upcoming shift
4. Points of contact for the shift being handed over

Q 16. Which type of cybersecurity attack downloads programs without the user’s knowledge
in order to infect the device or hack data?

1. Drive-by attack
2. Password attack
3. Session hijacking
4. Phishing

Q 17. Which option indicates an important feature of the SIEM system that will be developed?

1. Used to thwart threats from hackers outside the organization’s network
2. Used to thwart attacks from outside as well as manage access rights to thwart
them from inside the network
3. Used to monitor and detect any anomalies that might take place in the organization’s
network
4. Used to identify Indicators of Attack
