Defensive security vs offensive security — Quiz
Defensive security vs offensive security
1. According to the lesson, what is the fundamental distinction between a blue team and more formal teams like a SOC or CSIRT? (Choose one answer)
   a) Blue Teams are always in-house employees, while SOCs are always outsourced to an MSSP
   b) Blue team is a functional concept describing defensive activities, while SOC and CSIRT are formal team names
   c) Blue Teams focus on offensive security, while SOC and CSIRT are purely defensive
   d) The Blue Team is a contracted red team that tests the internal SOC and CSIRT

2. What is the primary function of a Security Operations Center (SOC) as described in the lesson? (Choose one answer)
   a) To perform long-term, adversarial simulations mimicking real-world attackers
   b) To manage the organization's software patching and system hardening programs
   c) To conduct forensic analysis and legal coordination after a major breach
   d) To provide continuous monitoring, detection, and initial triage of security threats

3. When comparing ethical hacking and red teaming, what is a key differentiator of a red team engagement? (Choose one answer)
   a) Its objective is to find and fix as many technical vulnerabilities as possible
   b) It operates with explicit, legal permission from the system owner
   c) Its primary goal is to test the organization's detection and response capabilities
   d) It primarily uses authenticated scans to simulate an insider attack

4. In a large enterprise, how does the lesson typically describe the relationship between the SOC and the CSIRT? (Choose one answer)
   a) The SOC is the proactive defense unit, and the CSIRT handles daily monitoring
   b) The SOC and CSIRT are the same team, with members performing both roles interchangeably
   c) The SOC handles continuous monitoring and escalates confirmed serious incidents to the CSIRT for response
   d) The CSIRT is responsible for all security tooling and the SOC focuses solely on threat intelligence

5. Which of the following best describes the "Prevent" function of a blue team, as outlined in the lesson's activity table? (Choose one answer)
   a) Continuous monitoring and log analysis using a SIEM
   b) Containing the impact of a security incident and performing forensics
   c) Identifying and patching vulnerabilities and hardening system configurations
   d) Proactively searching for hidden threats based on intelligence and hypotheses