IT INTERNATIONAL ACADEMY

SOC (Security Operations Center) Analyst Assignment

Assignment Title: Introduction to Security Operations Center (SOC) Analysis and Incident Response

Course: Cyber Security

Level: Beginner to Intermediate

Total Marks: 100

Instructions

  1. Answer all questions.
  2. Submit your work in PDF or Word format.
  3. Include diagrams where necessary.
  4. Provide practical examples to support your answers.

Section A: Theory Questions (40 Marks)

Question 1 (10 Marks)
Define a Security Operations Center (SOC) and explain its primary objectives within an organization.
Question 2 (10 Marks)
Explain the roles and responsibilities of a SOC Analyst. Mention at least five daily tasks performed by a SOC Analyst.
Question 3 (10 Marks)
Differentiate between the following:
  • Event
  • Alert
  • Incident
Provide one practical example for each.
Question 4 (10 Marks)
Describe the three levels of SOC Analysts:
  • Tier 1 Analyst
  • Tier 2 Analyst
  • Tier 3 Analyst

Section B: Security Monitoring (30 Marks)

Question 5 (10 Marks)
What is a SIEM (Security Information and Event Management) system? Explain how it helps SOC Analysts detect threats.
Question 6 (10 Marks)
List and explain five common Indicators of Compromise (IOCs) that SOC Analysts monitor.
Question 7 (10 Marks)
Identify three cybersecurity threats commonly detected by SOC teams and explain how they can impact an organization.

Section C: Practical Analysis (30 Marks)

Scenario

A company's SIEM system generates the following alert:

  • Multiple failed login attempts from IP address 192.168.10.50
  • Successful login after 25 failed attempts
  • Login occurred at 02:15 AM
  • User account: admin_user
  • Location: Unknown
Question 8 (15 Marks)
Analyze the incident and answer the following:
  1. What type of attack is likely taking place?
  2. Why is this activity suspicious?
  3. What actions should a SOC Analyst take immediately?
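The alert in the scenario (many failed logins from one source address against one account, then a success at an unusual hour) is the kind of pattern a SIEM correlation rule is written to catch. As an added illustration, not part of the assignment sheet or any product's code, the Python below runs such a rule over a constructed authentication log that mirrors the scenario. The log line format, the field names, the 10-failure threshold, the 15-minute window and the 08:00 to 18:00 business-hours range are all assumptions chosen for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, time, timedelta

# Assumed log line format (constructed for this example, not a real SIEM format):
#   "YYYY-MM-DD HH:MM:SS FAILED|SUCCESS user=<account> src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<result>FAILED|SUCCESS) user=(?P<user>\S+) src=(?P<ip>\S+)$"
)


def build_sample_log():
    """Constructed authentication log mirroring the scenario: 25 failures from
    192.168.10.50 against admin_user, then a success at 02:15, plus benign noise."""
    lines = []
    start = datetime(2024, 5, 1, 2, 10, 0)
    for i in range(25):
        ts = start + timedelta(seconds=10 * i)
        lines.append(f"{ts:%Y-%m-%d %H:%M:%S} FAILED user=admin_user src=192.168.10.50")
    lines.append("2024-05-01 02:15:00 SUCCESS user=admin_user src=192.168.10.50")
    # A user mistyping a password twice during business hours: the rule must not fire.
    lines += [
        "2024-05-01 09:04:40 FAILED user=jdoe src=10.0.0.7",
        "2024-05-01 09:04:55 FAILED user=jdoe src=10.0.0.7",
        "2024-05-01 09:05:10 SUCCESS user=jdoe src=10.0.0.7",
    ]
    return "\n".join(lines)


def parse_line(line):
    """Return a dict for a well-formed line, or None for lines the rule ignores."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
        "result": m["result"],
        "user": m["user"],
        "ip": m["ip"],
    }


def detect_brute_force(lines, threshold=10, window=timedelta(minutes=15),
                       business_hours=(time(8, 0), time(18, 0))):
    """Correlation rule: a successful login preceded by at least `threshold`
    failures from the same source IP against the same account within `window`.
    A success outside `business_hours` raises the severity of the finding."""
    events = [e for e in map(parse_line, lines) if e]
    events.sort(key=lambda e: e["ts"])
    recent_failures = defaultdict(list)  # (ip, user) -> timestamps of failures
    findings = []
    for e in events:
        key = (e["ip"], e["user"])
        # Drop failures that have fallen out of the correlation window.
        recent_failures[key] = [t for t in recent_failures[key] if e["ts"] - t <= window]
        if e["result"] == "FAILED":
            recent_failures[key].append(e["ts"])
            continue
        failed = len(recent_failures[key])
        if failed >= threshold:
            off_hours = not (business_hours[0] <= e["ts"].time() < business_hours[1])
            findings.append({
                "rule": "brute-force-then-success",
                "src_ip": e["ip"],
                "user": e["user"],
                "failed_attempts": failed,
                "success_at": e["ts"].isoformat(sep=" "),
                "off_hours": off_hours,
                "severity": "high" if off_hours else "medium",
            })
        # A success resets the counter for this source/account pair.
        recent_failures[key].clear()
    return findings


if __name__ == "__main__":
    for finding in detect_brute_force(build_sample_log().splitlines()):
        print(finding)
```

Running the script prints one finding for admin_user from 192.168.10.50 with 25 failed attempts, flagged off-hours and rated high, while jdoe's two typos during the day produce nothing. The window and threshold are what separate a real brute-force attempt from ordinary password mistakes, so in practice they are tuned per environment and the rule is paired with the user's usual login hours and locations rather than a fixed business-hours range.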
Question 9 (15 Marks)
Prepare a short incident report based on the scenario above using the following format:
  • Incident Title
  • Date and Time
  • Description
  • Severity Level
  • Actions Taken
  • Recommendations

Bonus Question (Optional – 10 Marks)

Research a recent cybersecurity attack and explain:
  • What happened?
  • How was the attack conducted?
  • How can organizations protect themselves from similar attacks?

Submission Deadline: To be provided by the instructor

Lecturer: IT INTERNATIONAL ACADEMY – Cyber Security Department