Network Security
Malware Analysis
Incident Response
Security Operations
100

What security device inspects and filters incoming and outgoing network traffic?

What is a firewall?

100

Which type of malware is self-replicating and spreads without user intervention?

What is a worm?

100

What phase of incident response focuses on readiness and planning?

What is Preparation?

100

What does a SIEM system primarily do with the logs it collects?

What is aggregate and correlate them to raise alerts?

200

Which protocol ensures secure communication over a network, typically used in web browsing?

What is HTTPS?

200

What type of malware masquerades as legitimate software to deceive users?

What is a Trojan?

200

What action involves gathering evidence after detecting an incident?

What is Forensics?

200

What is the primary objective of a Security Operations Center (SOC)?

What is continuous threat monitoring, detection, and response?

300

What technique divides a network into isolated zones so that a breach in one zone cannot spread freely to the others?

What is Segmentation?

300

What is the initial analysis of malware, performed without executing it, called?

What is Static Analysis?

300

What type of containment is implemented immediately to stop an active threat?

What is Short-term Containment?

300

What tool is often used to automate repetitive tasks in a SOC?

What is SOAR?

400

What perimeter network segment hosts externally reachable services while keeping them isolated from the internal network?

What is a DMZ?

400

Which tool is commonly used to safely execute and observe malware behavior?

What is a sandbox?

400

What is the process of restoring normal operations after an incident?

What is Recovery?

400

What practice involves continuously testing defenses by simulating attacks?

What is Red Teaming?

500

What process involves controlling which devices can access network resources?

What is Network Access Control?

500

What term describes the traces or artifacts left by malware that indicate a system compromise?

What are Indicators of Compromise?

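Added worked example for the SIEM correlation clue (Security Operations, 100) and the Indicators of Compromise clue above; this is illustrative code written for this board, not part of the original game or of any SIEM product. The log lines, IP addresses, and hash are constructed for the example; the correlation rule (repeated failed logins followed by a success from the same source) and the IoC list are hypothetical.

```python
"""Tiny SIEM-style log correlation plus IoC matching over constructed logs.

Added example, not code from the original board. All log lines, addresses
and hashes below are made up for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (syslog-like; documentation IP ranges, fake hash).
SAMPLE_LOGS = """\
2024-05-01T10:00:01Z sshd[101]: Failed password for root from 203.0.113.7 port 50011
2024-05-01T10:00:03Z sshd[101]: Failed password for root from 203.0.113.7 port 50012
2024-05-01T10:00:04Z sshd[101]: Failed password for admin from 203.0.113.7 port 50013
2024-05-01T10:00:06Z sshd[101]: Failed password for root from 203.0.113.7 port 50014
2024-05-01T10:00:09Z sshd[101]: Accepted password for root from 203.0.113.7 port 50015
2024-05-01T10:02:00Z sshd[101]: Failed password for bob from 198.51.100.9 port 40001
2024-05-01T10:05:00Z sshd[101]: Accepted password for bob from 198.51.100.9 port 40002
2024-05-01T10:07:30Z kernel: outbound connection to 192.0.2.44:443 from pid 2231
2024-05-01T10:08:00Z edr: process created update.exe sha256=deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
"""

# Hypothetical IoC list (what a threat-intel feed might supply).
IOC_IPS = {"192.0.2.44"}
IOC_SHA256 = {"deadbeef" * 8}

LINE_RE = re.compile(r"^(\S+) (\S+): (.*)$")  # timestamp, program, message
AUTH_RE = re.compile(r"^(Failed|Accepted) password for (\S+) from (\d+\.\d+\.\d+\.\d+)")
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
SHA256_RE = re.compile(r"\b[0-9a-f]{64}\b")


def parse(line):
    """Split one log line into timestamp, program and message; None if unparseable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
    return {"ts": ts, "prog": m.group(2), "msg": m.group(3)}


def correlate_bruteforce(lines, threshold=3, window=timedelta(minutes=1)):
    """Correlation rule: at least `threshold` failed logins from one source IP
    within `window`, followed by a successful login from the same IP.
    A single failed login or a single success never fires on its own; the
    alert comes from relating several events to each other."""
    failures = defaultdict(list)
    alerts = []
    for line in lines.splitlines():
        ev = parse(line)
        if ev is None:
            continue
        m = AUTH_RE.match(ev["msg"])
        if not m:
            continue
        outcome, user, ip = m.groups()
        if outcome == "Failed":
            failures[ip].append(ev["ts"])
            continue
        recent = [t for t in failures[ip] if ev["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append({"rule": "bruteforce-then-success", "ip": ip,
                           "user": user, "failures": len(recent), "at": ev["ts"]})
    return alerts


def match_iocs(lines):
    """IoC matching: flag any line that mentions a known-bad IP or file hash."""
    hits = []
    for line in lines.splitlines():
        for ip in IP_RE.findall(line):
            if ip in IOC_IPS:
                hits.append({"type": "ip", "ioc": ip, "line": line})
        for digest in SHA256_RE.findall(line):
            if digest in IOC_SHA256:
                hits.append({"type": "sha256", "ioc": digest, "line": line})
    return hits


if __name__ == "__main__":
    for a in correlate_bruteforce(SAMPLE_LOGS):
        print("ALERT", a)
    for h in match_iocs(SAMPLE_LOGS):
        print("IOC HIT", h["type"], h["ioc"])
```

On the constructed logs the correlation rule fires once (four failures from 203.0.113.7 followed by a success as root) and stays quiet for bob, whose single failure is below the threshold; the IoC scan flags the outbound connection to the listed IP and the process whose hash is on the list. The point of the two functions side by side is that an IoC match is a lookup against known-bad values, while correlation finds a pattern across events that are individually benign.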
500

What is the final step in incident response that involves improving future defenses?

What is Lessons Learned?

500

What is the role of a Threat Hunter within a SOC?

What is proactively searching for threats that automated detections have missed?