Certified SOC Analyst (CSA) Examination Information
If you are planning to become a Certified SOC Analyst, you will have to pass an exam that covers topics such as computer networking and management, enterprise security, computer systems, network security, information assurance and service management. The certification is recognized by leading industry organizations and by government bodies. This article gives you a brief idea of what to expect when you start preparing for the examination. Here is a link to the official website of CSI Academy, where you can find the information and preparation material you need to pass the test:
Question No 1:
John, a SOC analyst, wants to monitor process creation activity on any of the company's Windows endpoints.
Which of the following Splunk queries will help him fetch the logs associated with process creation?
A. index=windows LogName=Security EventCode=4678 NOT (Account_Name=*$) .. .. … ..
B. index=windows LogName=Security EventCode=4688 NOT (Account_Name=*$) .. .. ..
C. index=windows LogName=Security EventCode=3688 NOT (Account_Name=*$) .. .. ..
D. index=windows LogName=Security EventCode=5688 NOT (Account_Name=*$) … … …
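Windows Security event ID 4688 ("A new process has been created", option B) is the event a SOC analyst filters on for process creation, and the `NOT (Account_Name=*$)` clause drops computer accounts, whose trailing `$` marks the high-volume service noise you usually do not want in a first-pass hunt. The script below is an added example, not part of the exam material or of Splunk: it applies the same three conditions in Python to a handful of constructed events written in the key=value shape the classic Windows event fields take after extraction, so you can see which lines survive and why.

```python
"""Apply the filter from option B (LogName=Security, EventCode=4688,
NOT Account_Name=*$) to constructed Windows Security events.

Added example: the log lines below are made up for illustration, and the
field names (LogName, EventCode, Account_Name, New_Process_Name,
Creator_Process_Name) mirror the classic Windows event log fields, not the
output of a live Splunk search."""
import re

# Constructed sample events, one per line. Only lines 1 and 4 should match:
# line 2 is a computer account (WS01$), line 3 is a logon (4624), line 5 is a
# different event ID, and line 6 is not from the Security log.
SAMPLE_EVENTS = """\
LogName=Security EventCode=4688 Account_Name=jdoe New_Process_Name=C:\\Windows\\System32\\cmd.exe Creator_Process_Name=C:\\Windows\\explorer.exe
LogName=Security EventCode=4688 Account_Name=WS01$ New_Process_Name=C:\\Windows\\System32\\svchost.exe Creator_Process_Name=C:\\Windows\\System32\\services.exe
LogName=Security EventCode=4624 Account_Name=jdoe Logon_Type=2
LogName=Security EventCode=4688 Account_Name=svc_backup New_Process_Name=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe Creator_Process_Name=C:\\Windows\\System32\\cmd.exe
LogName=Security EventCode=4678 Account_Name=jdoe
LogName=System EventCode=4688 Account_Name=jdoe New_Process_Name=C:\\Temp\\x.exe
"""

# key=value pairs separated by whitespace; values contain no spaces here.
FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_event(line):
    """Turn one key=value line into a dict of field -> value."""
    return dict(FIELD_RE.findall(line))


def is_process_creation(event):
    """Mirror 'LogName=Security EventCode=4688 NOT (Account_Name=*$)'."""
    return (
        event.get("LogName") == "Security"
        and event.get("EventCode") == "4688"
        and not event.get("Account_Name", "").endswith("$")
    )


def process_creations(raw):
    """Return (Account_Name, New_Process_Name) for every event that passes the filter."""
    hits = []
    for line in raw.splitlines():
        if not line.strip():
            continue
        event = parse_event(line)
        if is_process_creation(event):
            hits.append((event["Account_Name"], event.get("New_Process_Name", "")))
    return hits


if __name__ == "__main__":
    for user, proc in process_creations(SAMPLE_EVENTS):
        print(f"{user:<12} {proc}")
```

Two caveats a practitioner would check before trusting this search on a real estate: 4688 is only written when the "Audit Process Creation" subcategory is enabled on the endpoint, and the process command line only appears in the event when the "Include command line in process creation events" policy is also turned on; without both, the query returns either nothing or events too thin to investigate.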
Question No 2:
Identify the range of HTTP status codes that represents a server error.
Question No 3:
Ray is a SOC analyst at a company named Queens Tech. One day, Queens Tech is hit by a DoS/DDoS attack. To contain the incident, Ray and his team provide additional bandwidth to the network devices and increase the capacity of the servers. What are Ray and his team doing?
A. Blocking the Attacks
B. Diverting the Traffic
C. Degrading the services
D. Absorbing the Attack