© All rights reserved. Cyber Struggle 2022

About SOC Analyst Test

This test consists of 55 technical questions covering both offensive and investigative topics, worth 135 points overall. Each question has a different score based on its difficulty. The results are calculated automatically and sent directly to the e-mail address you provide, so please make sure your contact information is correct.
Analyst Path and Grading

SOC TEST

1 / 60

Where are you from?

2 / 60

What is your education level?

3 / 60

What is your current title?

4 / 60

What Industry do you work in?

5 / 60

How many years experience do you have in your field?

6 / 60

Are you able to work openly and cooperatively at all times?

7 / 60

Do you think you have the ability not to lose sight of the forest for the trees, yet still be able to see the trees?

8 / 60

Since the cyber threat landscape presents a constant stream of new challenges, do you have the desire to develop your own skills and abilities?

9 / 60

Is PowerShell script block logging enough for detecting process injection attacks?

10 / 60

Is it possible to write a file on the server through SQL injection if the backend database is MySQL?

11 / 60

Which of the following commands can be used for lateral movement inside a network?

12 / 60

Which command would you use to print information about a scheduled task named revShell?

13 / 60

Which MITRE ATT&CK techniques are involved in the command below?

Start-BitsTransfer -Source $url -Destination $output

14 / 60

Which tool is included in default installations of Windows and can query or modify file DACLs?

15 / 60

From which source is it possible to detect the Windows API calls used for process injection?

16 / 60

From which log source is it possible to detect directory traversal attacks on Apache?

17 / 60

When reviewing syslogs, which directory should be checked on most Linux distros?

18 / 60

Which of the following entries in “/etc/sudoers” would give users in the administrators group the ability to run the “/bin/cat” command as root without requiring a password?

19 / 60

The Time to Live (TTL) field in the IP header is used to:

20 / 60

Suppose a SYN packet is spoofed using a real IP address and then sent to a server that responds with a SYN/ACK to the actual IP address. How does the real IP address respond?

21 / 60

Which of the following can you not obtain while doing memory analysis?

22 / 60

Which type of Windows log is most likely to contain information about a file being deleted?

23 / 60

What does Event ID 4720 mean in the Windows Event Log?

24 / 60

What does Event ID 4697 mean in the Windows Event Log?

25 / 60

What type of attack should be considered if the “Ticket Encryption Type” parameter equals 0x17 (RC4-HMAC) in Event ID 4768: A Kerberos authentication ticket (TGT) was requested?

26 / 60

Which of the following Windows registry keys is most useful for malware that aims at maintaining persistent presence on the infected system?

27 / 60

Which of the following tools should a cybersecurity analyst use to verify the integrity of a forensic image before and after an investigation?

28 / 60

What is the difference between an IPS and an IDS?

29 / 60

What kind of detection method works by examining data for specific patterns?

30 / 60

A company has been receiving a high volume of attacks on their web site. The network administrator wants to be able to collect information on the attacker(s). What should be implemented?

31 / 60

After a security breach, it was discovered that the attacker had gained access to the network by using a brute-force attack against a service account whose password was set to never expire, even though it was complex. Which of the following could be used to prevent similar attacks from succeeding in the future?

32 / 60

A security analyst saw two alerts:

1st: a process spawned from “wmiprvse.exe”
2nd: a suspicious connection detected from “svchost.exe”

Considering these two alerts together, which service may have been abused?

33 / 60

Which MITRE ATT&CK™ tactic describes an attacker gathering information about the environment they have gained access to?

34 / 60

An analyst notices that a user from building maintenance is a member of the Domain Admins group. Which of the following MITRE ATT&CK techniques does this indicate?

35 / 60

Which Mitre ATT&CK™ tactic describes an attacker’s efforts to avoid detection?

36 / 60

Which Mitre ATT&CK™ tactic describes an attacker maintaining a presence on the endpoint?

37 / 60

What is another name for a process injection attack?

38 / 60

Which of the following is not considered part of the lateral movement process?

39 / 60

What is an “Over Pass the Hash” attack?

40 / 60

Which order of operation is necessary when executing a Kerberoasting attack?

41 / 60

What is a DCSync attack?

42 / 60

When executing Mimikatz from the target’s hard drive, which of the following commands must you execute, which requires you to impersonate SYSTEM-level access, prior to dumping credentials from the target host?

43 / 60

To forge a golden ticket the attacker needs _____ ?

44 / 60

What is the purpose of the query shown below?

source="/var/log/auth.log" COMMAND="*" USER="root"
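
As an added example that is not part of the original test, the following Python script does over a local file what the query above does in a SIEM: it parses sudo entries from auth.log and returns every COMMAND whose target USER is root. The log lines are constructed for the example and the function names are assumptions; note that sudo writes the same USER= and COMMAND= fields on failed password attempts, so a query on those two fields returns failures as well as successful root commands.

```python
import re

# Constructed sample lines (not from the original page) in the format sudo writes
# to /var/log/auth.log on Debian/Ubuntu. Line 4 is a failed attempt: sudo still
# records USER= and COMMAND=, prefixed with the failure reason.
SAMPLE_AUTH_LOG = """\
Mar 12 10:01:12 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/cat /etc/shadow
Mar 12 10:01:13 web01 sudo: pam_unix(sudo:session): session opened for user root by alice(uid=0)
Mar 12 10:02:40 web01 sudo:      bob : TTY=pts/1 ; PWD=/srv/app ; USER=deploy ; COMMAND=/usr/bin/systemctl restart app
Mar 12 10:03:05 web01 sudo:      bob : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/srv/app ; USER=root ; COMMAND=/bin/bash
Mar 12 10:04:18 web01 sshd[2211]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2
Mar 12 10:05:00 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/id
"""

# One sudo invocation line: optional failure text, then the TTY/PWD/USER/COMMAND fields.
SUDO_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sudo:\s+(?P<invoker>\S+) : "
    r"(?:(?P<failure>[^;]*?) ; )?"
    r"TTY=(?P<tty>\S+) ; PWD=(?P<pwd>\S+) ; USER=(?P<target>\S+) ; COMMAND=(?P<command>.*)$"
)


def parse_sudo_events(log_text):
    """Return one dict per sudo invocation line; session and non-sudo lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = SUDO_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": m.group("ts"),
            "host": m.group("host"),
            "invoker": m.group("invoker"),
            "target": m.group("target"),
            "command": m.group("command"),
            "failed": m.group("failure") is not None,
        })
    return events


def root_commands(log_text):
    """Equivalent of COMMAND="*" USER="root": every command whose target user is root."""
    return [e for e in parse_sudo_events(log_text) if e["target"] == "root"]


if __name__ == "__main__":
    for e in root_commands(SAMPLE_AUTH_LOG):
        state = "FAILED " if e["failed"] else "ok     "
        print(f"{e['ts']} {state} {e['invoker']:>6} -> {e['command']}")
```

The `failed` flag is the check a practitioner wants next to this query: a run of failed root attempts from one invoker followed by a success is a different finding from an administrator's routine `sudo` use, yet both satisfy the query as written.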

45 / 60

What is the purpose of the query shown below?

index="linux_access_log" ("|" OR "||" OR ";" OR "$" OR "&&") AND ("ls" OR "id" OR "whoami" OR "ping" OR "nc" OR "ncat" OR "php")

46 / 60

What type of attack should be considered if you see lines like the following in access.log?

"GET /?id=1' and if(substr((select version()),1,1) = '5' , sleep(3), 1) #&Submit=Submit HTTP/1.1" 200

47 / 60

What type of attack should be considered if the following IDS rule is hit?

alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Attack"; flow:to_server,established; content:"alert(document.cookie)"; nocase; sid: 1000000;)
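
As an added example that is not part of the original test, the following Python script implements the detection logic behind questions 45, 46 and 47 over an Apache access log: the shell-metacharacter plus command-name conjunction of the SIEM query, a match on time-based blind SQL injection primitives such as the `sleep(3)` in the logged request, and the case-insensitive `alert(document.cookie)` content match of the IDS rule. The log lines are constructed for the example and the rule and function names are assumptions. It goes beyond the raw query in two ways a practitioner would want: it URL-decodes the request target before matching (the payloads in question 46 and 47 arrive percent-encoded, so a raw substring search misses `'` and `<script>`), and it uses word boundaries so that "ls" does not fire on "tools".

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access log in Apache "combined" format (not from the original
# page); line 3 carries the request quoted in question 46, percent-encoded as a
# browser or sqlmap would send it.
SAMPLE_ACCESS_LOG = """\
10.0.0.5 - - [12/Mar/2023:10:14:02 +0000] "GET /index.php?page=about HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Mar/2023:10:15:11 +0000] "GET /ping.php?host=127.0.0.1;id HTTP/1.1" 200 88 "-" "curl/7.88.1"
10.0.0.9 - - [12/Mar/2023:10:16:40 +0000] "GET /?id=1'%20and%20if(substr((select%20version()),1,1)%20=%20'5'%20,%20sleep(3),%201)%20%23&Submit=Submit HTTP/1.1" 200 412 "-" "sqlmap/1.7"
10.0.0.12 - - [12/Mar/2023:10:17:03 +0000] "GET /search?q=%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 2201 "-" "Mozilla/5.0"
10.0.0.5 - - [12/Mar/2023:10:18:30 +0000] "GET /docs/ls-output.txt HTTP/1.1" 404 210 "-" "Mozilla/5.0"
"""

# Combined-format request line; the target (path + query string) is what we inspect.
ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Question 45: a shell metacharacter AND a command name. The word boundaries are the
# refinement over the raw query: "php" still matches every ".php" URL, so it is the
# metacharacter conjunction that keeps line 1 quiet, not the token list.
CMD_METACHARS = re.compile(r"[|;$]|&&")
CMD_TOKENS = re.compile(r"\b(?:ls|id|whoami|ping|nc|ncat|php)\b")
# Question 46: time-based blind SQL injection primitives (MySQL, MSSQL, PostgreSQL).
TIME_SQLI = re.compile(r"\b(?:sleep|benchmark|pg_sleep)\s*\(|waitfor\s+delay", re.I)
# Question 47: the IDS rule's content match, case-insensitive like its "nocase".
XSS_COOKIE = re.compile(r"alert\s*\(\s*document\.cookie", re.I)

RULES = (
    ("command_injection", lambda t: bool(CMD_METACHARS.search(t) and CMD_TOKENS.search(t))),
    ("time_based_sqli", lambda t: bool(TIME_SQLI.search(t))),
    ("xss_cookie_theft", lambda t: bool(XSS_COOKIE.search(t))),
)


def decode_target(target, rounds=2):
    """URL-decode the request target; a second round catches double-encoded payloads."""
    for _ in range(rounds):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    return target


def detect_web_attacks(log_text):
    """Return (rule, client_ip, decoded_target) for every rule hit, in log order."""
    alerts = []
    for line in log_text.splitlines():
        m = ACCESS_RE.match(line)
        if not m:
            continue
        target = decode_target(m.group("target"))
        for name, predicate in RULES:
            if predicate(target):
                alerts.append((name, m.group("ip"), target))
    return alerts


if __name__ == "__main__":
    for rule, ip, target in detect_web_attacks(SAMPLE_ACCESS_LOG):
        print(f"{rule:18} {ip:10} {target}")
```

Line 5 (`/docs/ls-output.txt`) contains the token "ls" but no metacharacter and produces nothing, while line 3 contains "id" (in `id=1`) and likewise stays silent on the command-injection rule; only the `sleep(3)` primitive fires there. Matching on the decoded target is also what makes the XSS rule useful on a web log, since the on-wire form of the payload in line 4 never contains a literal `<`.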

48 / 60

The process of replacing HTML control characters (e.g. <, >, ", &) with their encoded representations (e.g. &lt; &gt; &quot; &amp;) is known as?

49 / 60

Determine the back-end database from given error:

Query failed: ERROR: syntax error at or near "20131418" LINE 1: 20131418 ^ in /var/www/html/view_project.php on line 13

50 / 60

What type of attack is typically associated with the strcpy function?

51 / 60

What are the two most common phases of malware analysis?

52 / 60

Which of the following tools best supports the concept of breakpoints?

53 / 60

Using entropy analysis, which of the following can be said about malware?

54 / 60

Which of the following defensive measures do malware authors use to encode the original executable to protect it against static code analysis?

55 / 60

Which mechanism is malware least likely to use when defending itself against analysis?

56 / 60

In the context of malware analysis, what does the term "patching" refer to?

57 / 60

Which processor instruction is commonly used to fill up buffer space in exploit code and help slide the program execution flow to its final destination?

58 / 60

Which of the following assembly instructions is least likely to be used by malicious code to perform a jump?

59 / 60

Which x86 register is most commonly used for storing a function's return value in assembly?

60 / 60

Which of the following system calls is most likely to be used by a keylogger?
