Categories: AI, Cloud Security, Network Security, SOC

AI - 100

What’s the difference between AI and machine learning?

AI is the broad concept of machines performing intelligent tasks.

Machine learning (ML) is a subset of AI where systems learn patterns from data and improve over time without being explicitly programmed for every rule.

Cloud Security - 100

Name one common cloud service model.

IaaS, PaaS, or SaaS.

Network Security - 100

What device is commonly used to block unauthorized network traffic?

A firewall.

SOC - 100

What does SOC stand for?

Security Operations Center.

AI - 200

What is training data, and why is it important in AI models?

Training data is the set of examples used to teach an AI model how to perform a task. High-quality, diverse, and unbiased training data is crucial because the model’s accuracy and fairness depend directly on the data it learns from.

Cloud Security - 200

Who is responsible for securing customer data in the cloud under the shared responsibility model?

Both the cloud provider and the customer.

Network Security - 200

What does VPN stand for?

Virtual Private Network.

SOC - 200

What is the main role of a SOC analyst?

To monitor, detect, and respond to security incidents.

AI - 300

What is the difference between supervised and unsupervised learning?

  • Supervised learning uses labeled data (inputs paired with correct outputs) to train models, such as email spam detection.

  • Unsupervised learning works with unlabeled data to discover hidden patterns or groupings, such as customer segmentation.

Cloud Security - 300

What does “misconfiguration” refer to in cloud security?

Incorrect cloud settings that expose systems or data to risk.

Network Security - 300

What is lateral movement in a network attack?

When an attacker moves between systems inside the network after initial access.

SOC - 300

What is a SIEM used for in a SOC?

Collecting, correlating, and analyzing security logs and events.

AI - 400

What is “model drift” in AI systems?

When an AI model’s accuracy degrades over time because real-world data changes.

Cloud Security - 400

What is the purpose of a Cloud Security Posture Management (CSPM) tool?

To continuously monitor and remediate cloud misconfigurations and compliance issues.

Network Security - 400

What is the key difference between IDS and IPS?

IDS detects threats, while IPS detects and actively blocks them.

SOC - 400

What does “mean time to respond” (MTTR) measure?

How quickly a SOC detects and responds to incidents.

AI - 500

How does Cortex XDR’s AI-driven behavioral analytics detect previously unseen (zero-day) attacks without relying on traditional signatures?

By using machine learning models that analyze behavioral patterns across endpoints, network, and cloud data to identify anomalies and malicious activity, correlating events over time to flag threats even when no known signature exists.

Cloud Security - 500

Why are APIs a major security concern in cloud environments?

They are highly exposed and often targeted for abuse, data exfiltration, or privilege escalation.

Network Security - 500

Why is Zero Trust networking important in modern enterprises?

It assumes no user or device is trusted by default and continuously verifies access.

SOC - 500

How does SOAR improve SOC effectiveness?

By automating incident response, orchestration, and repetitive analyst tasks.