
リアル試験問題GSOC問題集試験問題はここにある [2025年07月]
最新の2025年07月効果的なGSOCテスト問題を使って合格突破
質問 # 56
You are a security analyst for an e-commerce company. Recently, customers have reported seeing strange pop-ups and being redirected to suspicious websites while browsing your company's website, even though HTTPS is enabled. Upon investigation, you discover that an attacker is performing an SSL strip attack, downgrading traffic from HTTPS to HTTP.
Which of the following steps should you take to mitigate this attack and secure user traffic?
(Choose Three)
Response:
- A. Upgrade SSL/TLS certificates and ensure they are valid and up to date
- B. Implement HTTP Strict Transport Security (HSTS) to force HTTPS connections
- C. Disable all SSL/TLS encryption
- D. Enable logging of certificate warnings and suspicious traffic
- E. Redirect all HTTP traffic to HTTPS automatically
正解:A、B、E
質問 # 57
What role does endpoint detection and response (EDR) software play in endpoint defense?
Response:
- A. EDR solutions help in identifying and mitigating threats in real-time.
- B. It only logs events without providing any real-time analysis or response.
- C. It replaces the need for any antivirus solutions.
- D. EDR software is solely responsible for data backup processes.
正解:A
質問 # 58
Which protocol is vulnerable to man-in-the-middle (MitM) attacks due to the lack of encryption?
Response:
- A. FTP
- B. HTTPS
- C. SSH
- D. DNSSEC
正解:A
質問 # 59
What role does cross-training play in enhancing Blue Team effectiveness?
Response:
- A. It enhances team flexibility and resilience by broadening individual skill sets.
- B. It decreases operational efficiency by overloading team members with information.
- C. It is discouraged as it might lead to information overload and confusion.
- D. It ensures that team members can only focus on their primary roles.
正解:A
質問 # 60
Which practices help improve the effectiveness of a SOC using SIEM systems?
(Choose Two)
Response:
- A. Correlating logs from various sources, including endpoints and network devices
- B. Ignoring low-severity alerts
- C. Disabling alert notifications during off-peak hours
- D. Regularly updating SIEM rules and signatures to detect the latest threats
正解:A、D
質問 # 61
For analytics enrichment, why is it vital to understand the origin and nature of the data sources?
Response:
- A. To make the data look more complex
- B. To validate the relevance and reliability of the data
- C. To focus solely on internal data sources
- D. To ensure the enrichment process adds no value
正解:B
質問 # 62
What is a common indicator of a compromised endpoint?
Response:
- A. Unexplained storage space availability increases
- B. Frequent system crashes or performance degradation
- C. Increased network traffic from the endpoint to known safe locations
- D. Consistent anti-virus alerts for common software
正解:B
質問 # 63
Which of the following is an indicator of a DNS-based attack?
Response:
- A. High CPU usage on endpoint devices
- B. Frequent HTTP 404 errors
- C. Repeated failed login attempts
- D. Unusually high traffic to a single DNS server
正解:D
質問 # 64
What is the primary purpose of using HTTPS instead of HTTP?
Response:
- A. To speed up web traffic
- B. To prevent malware infections on websites
- C. To encrypt data between the client and server to protect against eavesdropping
- D. To reduce bandwidth usage
正解:C
質問 # 65
In the context of Blue Team operations, which of the following is a key incident response step?
Response:
- A. Promoting public access to incident details for transparency
- B. Relying solely on automated responses without human intervention
- C. Establishing a communication plan
- D. Ignoring low-severity alerts to focus on high-severity issues
正解:C
質問 # 66
Which of the following is a critical event to monitor in Windows Event Logs?
Response:
- A. Routine software updates
- B. Printer usage logs
- C. Failed login attempts
- D. System uptime
正解:C
質問 # 67
Which step is critical to ensure analytics are properly aligned with organizational goals and user needs?
Response:
- A. Collecting random data samples
- B. Conducting user interviews to gather requirements
- C. Implementing complex algorithms without user input
- D. Using the latest data analytics technology by default
正解:B
質問 # 68
In the context of analytics enrichment, which of the following is considered a best practice?
Response:
- A. Incorporating external data sources for enhanced insights
- B. Enriching data at random intervals
- C. Using only internal data to avoid external biases
- D. Ignoring data source reliability
正解:A
質問 # 69
In HTTPS, what role does the certificate authority (CA) play?
Response:
- A. It provides certificates to assert the identity of the server
- B. It ensures the data integrity of HTTP headers only
- C. It increases the transmission speed of the HTTPS protocol
- D. It encrypts the data being transmitted
正解:A
質問 # 70
Which of the following is a key responsibility of a Security Operations Center (SOC)?
Response:
- A. Managing physical security for the organization
- B. Deploying offensive attacks against external networks
- C. Developing new software for endpoint security
- D. Continuous monitoring and analysis of security events in real time
正解:D
質問 # 71
Which step is essential when designing analytics to ensure they meet user needs and requirements?
Response:
- A. Implementing the most complex models available
- B. Random sampling of data
- C. Conducting thorough user interviews
- D. Choosing the latest technology regardless of the context
正解:C
質問 # 72
Why is it important to maintain a dynamic and adaptable triage process?
Response:
- A. So that the process becomes less predictable to attackers
- B. To comply with international laws only
- C. Because the threat landscape and organizational priorities are constantly changing
- D. To ensure that the process can be the same for every type of organization
正解:C
質問 # 73
What is the first step in an effective intrusion triage process?
Response:
- A. Implementing changes to prevent future incidents
- B. Identifying false positives to reduce the volume of incidents
- C. Contacting external authorities for every detected incident
- D. Immediate escalation to senior management
正解:B
質問 # 74
Your organization has experienced a series of attacks targeting your SMTP server. Attackers are spoofing internal email addresses and sending phishing emails to employees, leading to several security incidents. You need to take steps to secure your email communications.
Which of the following actions should you take to mitigate this issue and secure SMTP traffic?
(Choose Three)
Response:
- A. Disable email filtering to improve email delivery speeds
- B. Set up email filtering to block known phishing domains
- C. Allow open relays to ensure emails are not blocked
- D. Implement SPF, DKIM, and DMARC to authenticate email senders
- E. Enforce TLS encryption for all email traffic
正解:B、D、E
質問 # 75
What role does a SIEM play in compliance and auditing within a SOC?
Response:
- A. It offers a marketing platform to promote SOC achievements.
- B. It serves as a primary tool for network performance benchmarking.
- C. It provides a gaming interface for stress relief.
- D. It helps in generating reports that demonstrate compliance with various standards.
正解:D
質問 # 76
Which protocol is commonly targeted by attackers to move laterally within a network?
Response:
- A. SMB
- B. DHCP
- C. ICMP
- D. FTP
正解:A
質問 # 77
......
正真正銘で最適な資料GSOCオンライン練習試験:https://jp.fast2test.com/GSOC-premium-file.html