What is the role of a SOC?
A. Encrypt data
B. Monitor, detect, and respond to threats
C. Backup systems
D. Develop software
Answer: B
Explanation:
A Security Operations Center (SOC) is responsible for continuously monitoring an organisation’s systems to detect and respond to security incidents. It uses tools like SIEM and threat intelligence to identify suspicious activity. The SOC acts as the central hub for security operations, focusing on real-time defence rather than system design.
What does a security analyst do?
A. Design systems
B. Monitor alerts and investigate threats
C. Build hardware
D. Encrypt data
Answer: B
Explanation:
Security analysts are responsible for monitoring alerts generated by tools such as SIEM systems. They investigate suspicious activity, analyse logs, and determine whether an incident has occurred. They are often the first line of defence within a SOC.
Threat Intelligence Analyst focuses on:
A. Logs
B. Gathering threat data
C. Hardware
D. Backup
Answer: B
Explanation:
A threat intelligence analyst collects and analyses information about current and emerging threats. This includes studying attacker behaviour, indicators of compromise (IoCs), and threat trends. Their work helps improve detection and supports decision-making in the SOC.
Threat Hunting Analyst focuses on:
A. Reactive detection
B. Proactive threat searching
C. Encryption
D. Backup
Answer: B
Explanation:
Threat hunting analysts proactively search for hidden threats that automated systems may miss. Unlike traditional monitoring (which reacts to alerts), threat hunting assumes attackers may already be inside the network and actively looks for anomalies and suspicious behaviour.
What is the role of a Red Team Analyst?
A. Defend systems
B. Simulate attacks
C. Monitor logs
D. Backup
Answer: B
Explanation:
Red team analysts simulate real-world attacks to test an organisation’s security defences. They act like attackers to identify weaknesses in systems and processes. Their findings help improve the organisation’s overall security posture.
What is the role of a Security Engineer?
A. Monitor logs
B. Build and maintain security tools
C. Attack systems
D. Backup
Answer: B
Explanation:
Security engineers design, implement, and maintain security tools such as firewalls, SIEM systems, and intrusion detection systems. They focus on the technical implementation of security controls and ensure systems are properly configured and maintained.
What is the role of a Security Architect?
A. Monitor logs
B. Design security systems
C. Attack systems
D. Backup
Answer: B
Explanation:
Security architects are responsible for designing the overall security framework of an organisation. They define how systems should be secured, select appropriate technologies, and ensure security is built into the architecture from the start.
Security Teams Structure
What are the three main security teams?
A. Logs, backup, encryption
B. Operations, Architecture, Engineering
C. Firewall, IDS, SIEM
D. Malware, logs, backup
Answer: B
Explanation:
Most organisations structure their security functions into three main teams:
Security Operations (monitoring and responding to threats)
Security Engineering (building and maintaining tools)
Security Architecture (designing secure systems)
Each plays a distinct but complementary role.