SOC Analyst Tier 3 Interview Questions
www.infosectrain.com | sales@infosectrain.com
Security Operations Center (SOC) Analysts are cybersecurity experts responsible for
identifying, analyzing, and mitigating cyber attacks in an organization. Tier 3 SOC
Analysts are more experienced than Tier 1 and Tier 2 SOC Analysts in examining
unknown threats. This article collects interview questions for L3 SOC Analysts
and serves as a quick revision before an interview.
1. Define Security Information and Event Management (SIEM).
SIEM is an approach that combines the functions of Security Information Management
(SIM) and Security Event Management (SEM). It helps organizations identify security
threats and vulnerabilities before exploitation.
2. What are the various layers of the OSI model?
The OSI model has seven layers that enable communication between network
devices:
• L1- Physical Layer
• L2- Data-link Layer
• L3- Network Layer
• L4- Transport Layer
• L5- Session Layer
• L6- Presentation Layer
• L7- Application Layer
3. Define SLA.
SLA stands for Service-level Agreement, an agreement between the customer and the
service provider. SLAs are categorized into three types:
• Customer-based SLA
• Multi-level SLA
• Service-based SLA
4. Define SOC-CMM.
The SOC-Capability Maturity Model (CMM) is an open-source model used to measure
and develop the maturity and capability levels of a SOC across five domains:
• Business
• Process
• People
• Services
• Technology
SOC-CMM is a continuous maturity model that helps to measure capability and maturity
based on the Design Science Research methodology.
5. What are the various levels of CMM?
The various levels of CMM are as follows:
• Initial
• Repeatable
• Defined
• Managed
• Optimize
6. Explain CSRF.
CSRF stands for Cross-Site Request Forgery, an attack that causes authenticated
users to submit requests to a web application, allowing attackers to exploit the system. It is
also termed Session Riding or Sea Surf.
7. Distinguish between True Positive and False Positive.
A True Positive is an output in which the security model predicts the
positive class accurately. In contrast, a False Positive is an output
in which the model predicts the negative class inaccurately.
8. What do you understand about Threat Intelligence?
Threat Intelligence is the analysis of collected and processed data, using tools and
techniques, to develop insights on existing threats. It helps mitigate data loss
and implement security measures to protect the data from attacks.
9. What are the different types of threat intelligence?
The different types of threat intelligence are as follows:
• Operational threat intelligence
• Strategic threat intelligence
• Tactical threat intelligence
10. List out some of the SOC Models.
The following are some of the SOC models:
• Virtual SOC
• Multi-function SOC
• Co-managed SOC
• Command SOC
• Dedicated SOC
SOC Specialists training with InfosecTrain
InfosecTrain is a well-known IT training consultancy platform for cybersecurity,
information security, and cloud. It offers a SOC Specialist training program that helps
you understand the core concepts of SOC operations and advanced SIEM techniques
such as threat hunting, QRadar, cyber kill chain, etc. Check it out and enroll now.
About InfosecTrain
• Established in 2016, we are one of the finest Security and Technology Training and Consulting companies
• Wide range of professional training programs, certifications & consulting services in the IT and Cyber Security domain
• High-quality technical services, certifications or customized training programs curated with professionals of over 15 years of combined experience in the domain
Why InfosecTrain
• Global Learning Partners
• Flexible modes of Training
• Tailor Made Training
• Post training completion
• Certified and Experienced Instructors
• Access to the recorded sessions
Contact us
Get your workforce reskilled by our certified and experienced instructors!
IND: 1800-843-7890 (Toll Free) / US: +1 657-722-11127 / UK : +44 7451 208413
sales@infosectrain.com
www.infosectrain.com
