CyberOps Associate Security Monitoring Questions

Correct Answer: Ability to reconstruct sessions and inspect payloads for detailed investigation
Explanation: Full packet capture provides all data including payloads, enabling deep forensics; downside is more storage and overhead.

Correct Answer: \.\.\/
Explanation: ../ (encoded as \.\.\/) is common in directory traversal attacks; the regex above matches that pattern.

Correct Answer: To monitor events on the host (file changes, system logs) for suspicious activity
Explanation: HIDS runs on a host to track what happens locally (i.e., changes, logs) to detect intrusion or compromise signals.

Correct Answer: Running process list and memory contents
Explanation: Volatile data (RAM, running processes) is lost on shutdown; best collected early in forensics or incident response.

Correct Answer: Tunneling or encryption or using proxies
Explanation: Attackers often use tunneling, encryption, or proxies to evade detection by security monitoring tools.

Correct Answer: Summary of flows (session metadata) like source, destination, ports, bytes transferred
Explanation: NetFlow collects flow metadata rather than full packet capture, useful for traffic pattern analysis.

Correct Answer: Attribute-Based Access Control (ABAC)
Explanation: ABAC makes decisions based on attributes (user, resource, environment), not only roles or predefined policies.

Correct Answer: Use of automated scripts or workflows to execute predefined remediation or response tasks
Explanation: RBA automates repeated or predictable tasks based on runbooks to improve speed and consistency.

Correct Answer: Agent-based uses software running on the host; agentless relies on external monitoring tools
Explanation: Agent-based protection installs a component on the host to monitor directly; agentless uses remote scans or external inputs without installed host agents.

Correct Answer: Availability
Explanation: Availability ensures systems and data are accessible when required; confidentiality is about secrecy, integrity about correctness.