Uploaded on Sep 21, 2022
Security Operations Center (SOC) Analysts play a crucial role in identifying, analyzing, responding to and mitigating cyber attacks in an organization. https://www.infosectrain.com/courses/soc-analyst-training/
SOC Analyst Tier 2 Interview Questions
www.infosectrain.com | [email protected]
Security Operations Center (SOC) Analysts play a crucial role in identifying, analyzing, responding to and mitigating cyber attacks in an organization. Tier 2 SOC Analysts are incident responders responsible for performing threat intelligence analysis to identify and respond to threats. This article provides interview questions for SOC Analysts (L2) and serves as a quick revision before an interview.
1. What is a TCP three-way handshake?
The three-way handshake is the procedure TCP uses to establish a reliable connection between a client and a server. It consists of three messages between client and server that exchange synchronize (SYN) and acknowledge (ACK) flags so that both sides agree on their starting sequence numbers before any data is sent.
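The exchange above, modelled as an added example that is not part of the original article: each side's initial sequence number (ISN) is acknowledged as ISN + 1, sequence numbers are 32-bit and wrap, and a SYN / SYN-ACK pair with no final ACK is the half-open state a responder should recognise. The Segment type and function names are constructed for this illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

SEQ_MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


@dataclass
class Segment:
    src: str
    dst: str
    syn: bool
    ack: bool
    seq: int
    ack_num: Optional[int]  # None when the ACK flag is clear


def three_way_handshake(client_isn: int, server_isn: int) -> List[Segment]:
    """Build the three segments of a TCP handshake from each side's initial sequence number."""
    # 1. Client -> server: SYN carrying the client's ISN.
    syn = Segment("client", "server", syn=True, ack=False, seq=client_isn, ack_num=None)
    # 2. Server -> client: SYN+ACK carrying the server's ISN and acknowledging client_isn + 1.
    syn_ack = Segment("server", "client", syn=True, ack=True,
                      seq=server_isn, ack_num=(client_isn + 1) % SEQ_MOD)
    # 3. Client -> server: ACK acknowledging server_isn + 1; the connection is now ESTABLISHED.
    ack = Segment("client", "server", syn=False, ack=True,
                  seq=(client_isn + 1) % SEQ_MOD, ack_num=(server_isn + 1) % SEQ_MOD)
    return [syn, syn_ack, ack]


def validate_handshake(segments: List[Segment]) -> bool:
    """True only if the segments form a complete, correctly numbered SYN / SYN-ACK / ACK exchange."""
    if len(segments) != 3:
        return False
    s1, s2, s3 = segments
    return (s1.syn and not s1.ack
            and s2.syn and s2.ack and s2.ack_num == (s1.seq + 1) % SEQ_MOD
            and not s3.syn and s3.ack
            and s3.seq == (s1.seq + 1) % SEQ_MOD
            and s3.ack_num == (s2.seq + 1) % SEQ_MOD)


def is_half_open(segments: List[Segment]) -> bool:
    """SYN and a matching SYN-ACK were seen but no final ACK: the server is stuck in SYN-RECEIVED."""
    if len(segments) != 2:
        return False
    s1, s2 = segments
    return (s1.syn and not s1.ack
            and s2.syn and s2.ack and s2.ack_num == (s1.seq + 1) % SEQ_MOD)
```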
2. What is an IDS?
An Intrusion Detection System (IDS) monitors network traffic or a host to identify suspicious activity and generates alerts when it is detected. SOC Analysts analyze the alerts and apply the appropriate remediation techniques.
3. What is an IPS?
An Intrusion Prevention System (IPS) is a network security tool that continuously monitors system or network traffic to identify and prevent malicious threats. It sends an alert to the security team, drops the malicious packets, blocks or stops the traffic, resets the connection, and can configure the firewall to prevent future attacks.
4. How is vulnerability assessment different from penetration testing?
Vulnerability Assessment is an automated approach that uses vulnerability scanning tools to identify and prioritize weaknesses in the network, systems, hardware, or firewalls. Penetration testing, in contrast, is a largely manual approach that simulates an attack in depth to identify weaknesses in the system so that they can be fixed.
5. What is XDR?
XDR stands for Extended Detection and Response, an advanced security approach that builds on endpoint detection and response and detects threats by analyzing data collected from various sources.
6. What is port scanning?
Port scanning is a method used by attackers to identify open or weakly protected ports on a network for exploitation. Open ports are where a host sends or receives data, and the scan results also reveal how the organization's firewalls are configured.
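From the defender's side, a port scan is what an IDS (question 2) is expected to notice: one source touching many distinct ports on a host in a short time. This added example, which is not part of the original article, runs that detection over a constructed firewall-style log (the line format, hosts and function names are assumptions for this illustration) and shows the window-size caveat: a sweep spread slowly over many minutes only trips the rule when the window is widened.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# Constructed log format assumed for this example (not a real vendor format).
LOG_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) "
                    r"proto=\S+ action=(?P<action>\S+)$")


def parse_line(line: str) -> Optional[Tuple[datetime, str, str, int, str]]:
    """Parse one log line; return None for lines that do not match the expected format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")  # timestamps assumed to be UTC
    return ts, m["src"], m["dst"], int(m["dport"]), m["action"]


def detect_port_scans(lines: List[str], window_s: int = 60, min_ports: int = 10) -> List[Dict]:
    """Alert on any (src, dst) pair that touched >= min_ports distinct ports within window_s seconds."""
    events: Dict[Tuple[str, str], List[Tuple[datetime, int]]] = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            ts, src, dst, dport, _ = rec
            events[(src, dst)].append((ts, dport))
    alerts = []
    for (src, dst), evs in events.items():
        evs.sort()
        best, start = 0, 0
        for end in range(len(evs)):  # sliding window over the time-ordered events
            while evs[end][0] - evs[start][0] > timedelta(seconds=window_s):
                start += 1
            best = max(best, len({p for _, p in evs[start:end + 1]}))
        if best >= min_ports:
            alerts.append({"src": src, "dst": dst, "distinct_ports": best,
                           "first_seen": evs[0][0].isoformat()})
    return alerts


def _line(ts: datetime, src: str, dport: int, action: str = "deny") -> str:
    return f"{ts:%Y-%m-%dT%H:%M:%SZ} src={src} dst=192.168.1.10 dport={dport} proto=tcp action={action}"


T0 = datetime(2022, 9, 21, 10, 0, 0)
# Constructed sample log: a fast sweep (12 ports in 22 s), normal traffic, a malformed line,
# and a slow sweep of 12 ports spread over 22 minutes.
SAMPLE_LOG = (
    [_line(T0 + timedelta(seconds=2 * i), "10.0.0.5", 20 + i) for i in range(12)]
    + [_line(T0 + timedelta(minutes=5), "10.0.0.7", 443, "allow"),
       _line(T0 + timedelta(minutes=5, seconds=3), "10.0.0.7", 80, "allow"),
       "malformed line that the parser must skip"]
    + [_line(T0 + timedelta(minutes=10 + 2 * i), "10.0.0.9", 1000 + i) for i in range(12)]
)
```

With the default 60-second window only the fast sweep from 10.0.0.5 is reported; the slow sweep from 10.0.0.9 appears only with a window of an hour, which is the trade-off between false positives and missed slow scans that a Tier 2 analyst tunes.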
7. What is the difference between TCP and UDP?
• Connection: Transmission Control Protocol (TCP) is a connection-oriented protocol. User Datagram Protocol (UDP) is a connectionless protocol; no connection is established.
• Ordering: TCP arranges the data packets in sequential order for transmission. In UDP, data packets are independent of one another.
• Reliability: TCP is highly reliable. UDP is moderately reliable.
• Error control: TCP supports an error control mechanism. UDP does not.
8. Explain the incident response life cycle.
The incident response life cycle is a step-by-step framework for identifying and responding to cyber security incidents. It varies based on the framework used by the organization. The NIST framework includes four phases:
• Preparation
• Detection and Analysis
• Containment, Eradication, and Recovery
• Post-Event Activity
9. What are the various types of IDS?
The following are the various types of Intrusion Detection Systems:
• Network Intrusion Detection System (NIDS)
• Host Intrusion Detection System (HIDS)
• Hybrid Intrusion Detection System
• Protocol-based Intrusion Detection System (PIDS)
• Application Protocol-based Intrusion Detection System (APIDS)
10. What are the best practices required to secure a server?
• Update the operating system and software regularly
• Regular backup of the data or files
• Install SSL Certificates
• Use VPNs
• Use Firewall protection
• Use strong authentication and strong passwords
SOC Analyst training with InfosecTrain
InfosecTrain's SOC Analyst training program is curated by subject matter experts and provides a comprehensive understanding of SOC operations and procedures. It helps beginners and experienced SOC Analysts (L1/L2/L3) improve their skills in managing and responding to security threats.
About InfosecTrain
• Established in 2016, we are one of the finest Security and Technology Training and Consulting companies
• Wide range of professional training programs, certifications & consulting services in the IT and Cyber Security domain
• High-quality technical services, certifications or customized training programs curated by professionals with over 15 years of combined experience in the domain
Our Endorsements
Why InfosecTrain
• Certified and Experienced Instructors
• Flexible modes of Training
• Access to the recorded sessions
• Post training completion
• Tailor Made Training
Global Learning Partners
Our Trusted Clients
Contact us
Get your workforce reskilled by our certified and experienced instructors!
IND: 1800-843-7890 (Toll Free) / US: +1 657-722-11127 / UK: +44 7451 208413
[email protected]
www.infosectrain.com