
初心者向けのGSOC試験 [2025] 問題集でGIACのPDF問題
GSOCプレミアム試験エンジンPDFをダウンロード
質問 # 11
Why is it important to maintain a dynamic and adaptable triage process?
Response:
- A. So that the process becomes less predictable to attackers
- B. To comply with international laws only
- C. Because the threat landscape and organizational priorities are constantly changing
- D. To ensure that the process can be the same for every type of organization
正解:C
質問 # 12
Which of the following is a common attack against the Simple Mail Transfer Protocol (SMTP)?
Response:
- A. IP spoofing
- B. DNS tunneling
- C. Email spoofing
- D. SQL injection
正解:C
質問 # 13
How do attackers exploit vulnerable HTTP methods?
Response:
- A. By utilizing the POST method to decrypt SSL/TLS traffic.
- B. By using the TRACE method to intercept and modify HTTP headers.
- C. By exploiting the OPTIONS method to bypass authentication mechanisms.
- D. By leveraging the GET method to upload malicious files.
正解:B
質問 # 14
You are part of a Blue Team tasked with protecting a multinational organization's network. Recently, your team has noticed an increase in phishing attempts targeting employees. Despite conducting security awareness training, several employees have clicked on malicious links, leading to malware infections. You need to adjust your defensive strategy.
Which of the following actions should the Blue Team take to mitigate this threat and strengthen defenses?
(Choose Three)
Response:
- A. Implement stricter email filtering rules to block suspicious emails
- B. Rely solely on training and do not implement any technical controls
- C. Disable internet access for all employees
- D. Use sandboxing to isolate and analyze email attachments before they reach employees
- E. Enhance endpoint detection and response (EDR) systems to quickly identify and quarantine infected devices
正解:A、D、E
質問 # 15
How can one extract useful information from a potentially malicious Windows executable file without executing it?
(Choose Two)
Response:
- A. Using tools like strings to extract human-readable text
- B. Running the file and observing its behavior in a sandbox environment
- C. Viewing the file in a hex editor to analyze its contents
- D. Opening the file in a text editor like Notepad
正解:A、C
質問 # 16
What is the primary purpose of an HTTPS connection compared to HTTP?
Response:
- A. To increase the speed of data transfer
- B. To compress the data to minimize bandwidth usage
- C. To provide a user-friendly interface
- D. To ensure data integrity and confidentiality through encryption
正解:D
質問 # 17
What role does user feedback play in the analytic design and improvement process?
(Choose Two)
Response:
- A. It can guide the prioritization of new features or adjustments
- B. It helps identify areas that may need refinement or improvement
- C. It's irrelevant as long as the data is accurate
- D. It should be considered only after major failures are detected
正解:A、B
質問 # 18
During an incident, which of the following should a SOC focus on?
(Choose Three)
Response:
- A. Preserving evidence and maintaining a chain of custody
- B. Rapid identification and containment of the threat
- C. Assigning blame to individuals for the breach
- D. Ensuring business continuity
- E. Ignoring stakeholder communications to focus on technical response
正解:A、B、D
質問 # 19
Which step is critical to ensure analytics are properly aligned with organizational goals and user needs?
Response:
- A. Using the latest data analytics technology by default
- B. Implementing complex algorithms without user input
- C. Conducting user interviews to gather requirements
- D. Collecting random data samples
正解:C
質問 # 20
In Linux systems, where can you commonly find security event logs?
Response:
- A. /etc/security
- B. /var/log/auth.log
- C. /home/logs/
- D. /sys/log/security/
正解:B
質問 # 21
In the context of analytics enrichment, which of the following is considered a best practice?
Response:
- A. Incorporating external data sources for enhanced insights
- B. Ignoring data source reliability
- C. Enriching data at random intervals
- D. Using only internal data to avoid external biases
正解:A
質問 # 22
How does understanding the business context help in intrusion analysis?
Response:
- A. It allows for prioritizing incidents based on the attacker's profile.
- B. It ensures that all incidents are treated with equal priority.
- C. It provides insights into which assets are most critical to secure first.
- D. It helps in allocating a bigger budget to the IT department.
正解:C
質問 # 23
What are essential practices when analyzing HTTP(S) traffic to identify attacks?
(Choose Three)
Response:
- A. Inspecting the payload for malicious content
- B. Assuming all GET requests are safe
- C. Monitoring for unexpected status codes like 500 Internal Server Error
- D. Checking for inconsistent IP addresses in the traffic logs
- E. Ignoring encrypted traffic as it is always secure
正解:A、C、D
質問 # 24
Which types of events are commonly found in Windows Security Event Logs?
(Choose Two)
Response:
- A. Network interface bandwidth statistics
- B. Successful and failed login attempts
- C. System temperature monitoring
- D. Account creation and deletion
正解:B、D
質問 # 25
Why is it critical to have an understanding of the layered architecture of enterprise networks when analyzing network traffic?
Response:
- A. Knowledge of different layers helps in pinpointing the source and nature of network issues.
- B. It aids in understanding where bottlenecks can occur.
- C. It is essential for legal compliance in many jurisdictions.
- D. It is only necessary for designing network infrastructure, not for analysis.
正解:A
質問 # 26
Which actions should an administrator take to secure HTTP(S) traffic?
(Choose Two)
Response:
- A. Disable unnecessary HTTP methods like TRACE or CONNECT.
- B. Regularly update and patch web servers and applications.
- C. Enforce the use of outdated encryption algorithms for compatibility.
- D. Encourage the use of FTP over HTTPS for file transfers.
正解:A、B
質問 # 27
Which of the following is an indicator of a DNS-based attack?
Response:
- A. Repeated failed login attempts
- B. Frequent HTTP 404 errors
- C. Unusually high traffic to a single DNS server
- D. High CPU usage on endpoint devices
正解:C
質問 # 28
Which HTTP status code indicates that the requested resource is temporarily available at a different URI, as provided by the Location header?
Response:
- A. 302 Found
- B. 404 Not Found
- C. 200 OK
- D. 301 Moved Permanently
正解:A
質問 # 29
What role does endpoint detection and response (EDR) software play in endpoint defense?
Response:
- A. It replaces the need for any antivirus solutions.
- B. EDR software is solely responsible for data backup processes.
- C. EDR solutions help in identifying and mitigating threats in real-time.
- D. It only logs events without providing any real-time analysis or response.
正解:C
質問 # 30
......
あなたを合格させるGIAC試験にはGSOC試験問題集:https://jp.fast2test.com/GSOC-premium-file.html