About This Flashcard Deck
This flashcard deck contains 10 cards covering key CyberOps Professional concepts for the CBRCOR exam. Test your advanced SOC knowledge. Use active recall by attempting to answer each question before revealing the answer.
All CyberOps Professional Flashcards
Q: What is SOAR?
A: Security Orchestration, Automation, and Response — platforms that automate incident response workflows and integrate security tools.
Q: What are the 7 stages of the Cyber Kill Chain?
A: 1. Reconnaissance, 2. Weaponization, 3. Delivery, 4. Exploitation, 5. Installation, 6. C2 (Command & Control), 7. Actions on Objectives.
Q: What is Volatility?
A: Open-source memory forensics framework for analyzing RAM dumps to detect malware, rootkits, and hidden processes.
Q: What is a YARA rule?
A: A pattern-matching tool for identifying malware samples based on textual or binary patterns in files.
Q: What is CVSS?
A: Common Vulnerability Scoring System — rates vulnerability severity on a 0–10 scale based on exploitability and impact.
Q: What is threat intelligence?
A: Evidence-based knowledge about threats (IOCs, TTPs, actors) used to inform security decisions and improve detection.
Q: What is the difference between strategic and tactical threat intel?
A: Strategic: high-level trends for executives. Tactical: specific IOCs and TTPs for SOC analysts.
Q: What is a SIEM correlation rule?
A: Logic that detects patterns across multiple log sources — e.g., "5 failed logins + 1 success from same IP in 5 minutes = brute force."
Q: What is the purpose of forensic imaging?
A: Create a bit-for-bit copy of storage media for analysis. Preserves evidence integrity. Verify with hash (SHA-256).
Q: What is Living-off-the-Land (LOtL)?
A: Attackers use legitimate system tools (PowerShell, WMI, certutil) for malicious purposes to evade detection.
Cisco Flashcard Study Strategy
Cisco exams heavily test protocol operations and configuration details. Use these flashcards to drill port numbers, protocol behaviours, and administrative distances. Pair flashcard sessions with Packet Tracer labs — when you encounter a card about OSPF neighbour states, open a lab and verify each state transition on a live topology. This combination of memorisation and practice builds the deep understanding Cisco exams demand.