Title: SOC Analyst Tier 2 Interview Questions
www.infosectrain.com sales_at_infosectrain.com
Security Operations Center (SOC) Analysts play a crucial role in identifying, analyzing, responding to and mitigating cyber attacks in an organization. Tier 2 SOC Analysts are incident responders who perform threat intelligence analysis to identify and respond to threats. This article provides interview questions for SOC Analysts (L2) and serves as a quick revision before an interview.
- What is a TCP three-way handshake?
- The three-way handshake is the procedure TCP uses to establish a reliable connection between a client and a server. It consists of three messages exchanged between the two endpoints: the client sends a synchronize (SYN) segment, the server replies with a SYN-ACK, and the client completes the handshake with an acknowledge (ACK) segment.
- What is an IDS?
- An Intrusion Detection System (IDS) monitors network traffic or host activity to identify suspicious behaviour and generates alerts when it finds any. SOC Analysts analyze the alerts and apply the appropriate remediation based on them.
- What is an IPS?
- An Intrusion Prevention System (IPS) is a network security tool that continuously monitors system or network traffic to identify and stop malicious activity. In addition to alerting the security team, it can drop malicious packets, block or stop the offending traffic, reset the connection, and reconfigure the firewall to prevent future attacks.
- How is vulnerability assessment different from penetration testing?
- Vulnerability assessment is an automated approach that uses vulnerability scanning tools to identify and prioritize weaknesses in the network, systems, hardware or firewalls. Penetration testing, in contrast, is a manual approach in which testers simulate an attack in depth to identify weaknesses in the system so that they can be fixed.
- What is XDR?
- XDR stands for Extended Detection and Response, a security approach that extends endpoint detection and response by detecting threats through analysis of data collected from multiple sources.
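The handshake question above is easiest to answer with the three segments written out. The following simulation is an added example for this page, not code from the original deck: the endpoint names and the initial sequence numbers (ISNs) are constructed for illustration, and `validate_handshake` shows the check an analyst applies when reading a packet capture, including the half-open case where the final ACK never arrives.

```python
"""Simulated TCP three-way handshake.

Added example for this page; not code from the original deck. The endpoint
names and the initial sequence numbers (ISNs) are constructed for
illustration; real TCP stacks choose unpredictable ISNs.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple


@dataclass
class Segment:
    """One TCP segment header, reduced to the fields the handshake needs."""
    src: str
    dst: str
    flags: FrozenSet[str]       # subset of {"SYN", "ACK"}
    seq: int
    ack: Optional[int] = None   # only meaningful when "ACK" is set

    def __str__(self) -> str:
        return (f"{self.src} -> {self.dst} [{'+'.join(sorted(self.flags))}] "
                f"seq={self.seq} ack={self.ack}")


def three_way_handshake(client_isn: int, server_isn: int,
                        client: str = "client", server: str = "server") -> List[Segment]:
    """Build the three segments that open a TCP connection.

    The SYN flag consumes one sequence number, so each side acknowledges the
    peer's ISN + 1: that arithmetic is what ties the three segments together
    into one handshake rather than three unrelated packets.
    """
    syn = Segment(client, server, frozenset({"SYN"}), seq=client_isn)
    syn_ack = Segment(server, client, frozenset({"SYN", "ACK"}),
                      seq=server_isn, ack=syn.seq + 1)
    ack = Segment(client, server, frozenset({"ACK"}),
                  seq=syn.seq + 1, ack=syn_ack.seq + 1)
    return [syn, syn_ack, ack]


def validate_handshake(segments: List[Segment]) -> Tuple[bool, str]:
    """Check whether a captured exchange is a complete, consistent handshake.

    Returns (ok, reason). Two segments (SYN, SYN-ACK) with no final ACK is a
    half-open connection, the pattern an analyst sees during SYN floods and
    other incomplete connection attempts.
    """
    if len(segments) < 3:
        return False, "half-open: final ACK never sent"
    if len(segments) > 3:
        return False, "more than three segments"
    syn, syn_ack, ack = segments
    if syn.flags != {"SYN"}:
        return False, "first segment must carry SYN only"
    if syn_ack.flags != {"SYN", "ACK"} or syn_ack.ack != syn.seq + 1:
        return False, "second segment must be SYN+ACK acknowledging client ISN + 1"
    if ack.flags != {"ACK"} or ack.seq != syn.seq + 1 or ack.ack != syn_ack.seq + 1:
        return False, "third segment must be ACK acknowledging server ISN + 1"
    return True, "ESTABLISHED"


if __name__ == "__main__":
    for seg in three_way_handshake(client_isn=1000, server_isn=5000):
        print(seg)
    print(validate_handshake(three_way_handshake(1000, 5000)))
```

Run as a script it prints the three segments and `(True, 'ESTABLISHED')`; feeding it only the first two segments reproduces the half-open case.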
- What is port scanning?
- Port scanning is a technique used by attackers to identify open or weakly protected ports on a network as candidates for exploitation. Because ports are where hosts send and receive data, the results also reveal how the organization's firewalls are configured.
- What is the difference between TCP and UDP?

| TCP | UDP |
| --- | --- |
| Transmission Control Protocol (TCP) is a connection-oriented protocol. | User Datagram Protocol (UDP) is a connectionless protocol; no connection is established. |
| It arranges data packets in sequential order for transmission. | In UDP, data packets are independent of one another. |
| It is highly reliable. | It is moderately reliable. |
| It supports an error control mechanism. | It does not support an error control mechanism. |
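The IDS answer on the previous slide and the port scanning answer above meet in practice as a detection rule: one source opening connections to many unrelated ports in a short time is the classic scan signature. The script below is an added example for this page, not code from the original deck or from any product. The log format is a hypothetical simplified firewall format and every log line in `SAMPLE_LOG` is constructed (addresses are from the RFC 5737 documentation ranges).

```python
"""Port-scan detection over constructed firewall log lines.

Added example for this page; not code from the original deck or from any
product. The log format is a hypothetical simplified one:
    <ISO timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <flags> <action>
and the sample entries are constructed (RFC 5737 documentation addresses).
"""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed sample: 203.0.113.7 sends SYNs to eleven different ports on
# 10.0.0.5 within four seconds (most dropped); 198.51.100.9 is ordinary
# web traffic to ports 443 and 80.
SAMPLE_LOG = """\
2024-05-01T10:00:00 198.51.100.9:51000 -> 10.0.0.5:443 SYN ALLOW
2024-05-01T10:00:01 198.51.100.9:51001 -> 10.0.0.5:443 SYN ALLOW
2024-05-01T10:00:02 203.0.113.7:40000 -> 10.0.0.5:21 SYN DROP
2024-05-01T10:00:02 203.0.113.7:40001 -> 10.0.0.5:22 SYN ALLOW
2024-05-01T10:00:02 203.0.113.7:40002 -> 10.0.0.5:23 SYN DROP
2024-05-01T10:00:03 203.0.113.7:40003 -> 10.0.0.5:25 SYN DROP
2024-05-01T10:00:03 203.0.113.7:40004 -> 10.0.0.5:80 SYN ALLOW
2024-05-01T10:00:03 203.0.113.7:40005 -> 10.0.0.5:110 SYN DROP
2024-05-01T10:00:04 203.0.113.7:40006 -> 10.0.0.5:139 SYN DROP
2024-05-01T10:00:04 203.0.113.7:40007 -> 10.0.0.5:443 SYN ALLOW
2024-05-01T10:00:04 203.0.113.7:40008 -> 10.0.0.5:445 SYN DROP
2024-05-01T10:00:05 203.0.113.7:40009 -> 10.0.0.5:3389 SYN DROP
2024-05-01T10:00:05 203.0.113.7:40010 -> 10.0.0.5:8080 SYN DROP
2024-05-01T10:00:07 198.51.100.9:51002 -> 10.0.0.5:80 SYN ALLOW
"""


def parse_line(line: str) -> Dict:
    """Split one log line into fields. Raises ValueError on malformed input."""
    ts, src, arrow, dst, flags, action = line.split()
    if arrow != "->":
        raise ValueError(f"unexpected line format: {line!r}")
    src_ip, _src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {"ts": datetime.fromisoformat(ts), "src": src_ip, "dst": dst_ip,
            "dport": int(dst_port), "flags": flags, "action": action}


def detect_port_scans(log_text: str, distinct_ports: int = 10,
                      window: timedelta = timedelta(seconds=60)) -> List[Dict]:
    """Alert on (src, dst) pairs whose SYNs reach >= distinct_ports different
    destination ports inside any sliding window of the given length.

    This is the kind of threshold rule a NIDS applies: the individual packets
    look harmless, the pattern across them does not.
    """
    by_pair = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if "SYN" in ev["flags"]:           # connection attempts only
            by_pair[(ev["src"], ev["dst"])].append((ev["ts"], ev["dport"], ev["action"]))

    alerts = []
    for (src, dst), events in by_pair.items():
        events.sort()
        best = None                        # window holding the most distinct ports
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            ports = {port for _, port, _ in span}
            if best is None or len(ports) > len(best["ports"]):
                best = {"ports": ports, "span": span}
        if len(best["ports"]) >= distinct_ports:
            alerts.append({
                "src": src, "dst": dst,
                "distinct_ports": len(best["ports"]),
                "ports": sorted(best["ports"]),
                "dropped": sum(1 for _, _, action in best["span"] if action == "DROP"),
                "first_seen": best["span"][0][0].isoformat(),
                "last_seen": best["span"][-1][0].isoformat(),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_port_scans(SAMPLE_LOG):
        print(alert)
```

On the sample the rule raises one alert for 203.0.113.7 (11 distinct ports, 8 of them dropped) and stays silent on the legitimate client, which only ever touches two ports. The `dropped` count is worth reporting alongside the alert: a high ratio of dropped attempts tells the analyst the firewall is doing its job while still making the probing visible.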
- Explain the incident response life cycle.
- The incident response life cycle is a step-by-step framework for identifying and responding to cyber security incidents. Its phases vary with the framework the organization uses; the NIST framework defines four phases:
  - Preparation
  - Detection and Analysis
  - Containment, Eradication, and Recovery
  - Post-Event Activity
- What are the various types of IDS?
- The various types of Intrusion Detection Systems are:
  - Network Intrusion Detection System (NIDS)
  - Host Intrusion Detection System (HIDS)
  - Hybrid Intrusion Detection System
  - Protocol-based Intrusion Detection System (PIDS)
  - Application Protocol-based Intrusion Detection System (APIDS)
- What are the best practices required to secure a server?
- Best practices include:
  - Update the operating system and software regularly
  - Back up data and files regularly
  - Install SSL certificates
  - Use VPNs
  - Use firewall protection
SOC Analyst training with InfosecTrain
InfosecTrain's SOC Analyst training program is curated by subject matter experts and provides a comprehensive understanding of SOC operations and procedures. It helps both beginners and experienced SOC Analysts (L1/L2/L3) improve their skills in managing and responding to security threats.
About InfosecTrain
- Established in 2016, we are one of the finest Security and Technology Training and Consulting companies
- Wide range of professional training programs, certifications and consulting services in the IT and Cyber Security domain
- High-quality technical services, certifications and customized training programs curated by professionals with over 15 years of combined experience in the domain
Our Endorsements
Why InfosecTrain
Global Learning Partners
Access to the recorded sessions
Certified and Experienced Instructors
Flexible modes of Training
Tailor Made Training
Post training completion
Our Trusted Clients
Contact us
Get your workforce reskilled by our certified and
experienced instructors!
IND 1800-843-7890 (Toll Free) / US 1 657-722-11127 / UK 44 7451 208413
sales_at_infosectrain.com
www.infosectrain.com