In this part, suppose that you are hired as a security consultant for a corporate (XYZ.COM). The Security Operations Center (SOC) belonging to the company is hosted on-premises and consists of the below existing elements:

• SRV-1: SIEM Server
• SRV-2: Vulnerability Assessment Server
• FW-IPS1: Network Security devices
• Anti-Virus Agents: Endpoint protection agents
• SYSLOG Agents: Logging agents installed on Servers

As a security consultant, you should propose convenient configuration and SOC design. Answer the following:

1. Which SOC role (Cybersecurity Analyst) is more concerned with element SRV1? Give an example of a relevant task associated with this role. (2 marks)

2. Which SOC role is more concerned with element FW-IPS1? Give an example of a relevant task associated with this role. (2 marks)

3. Which of the existing elements should be sending logs to SRV-1? Is there any important element missing in this regard? Suggest and explain. (2 marks)

4. XYZ.COM is trying to protect a very important front-end application published to the Internet linked to a critical Database server at the back-end. Provide two solutions to protect the public web application from SQL injection attempts based on the web form. (2 marks)

5. The server is still susceptible to many attacks. You need to adequately classify these attacks by filling the table in below: (6 marks)

Security Feature	Fill by [1,2,3,4,5,6,7] or write the corresponding OSI layer name
Use of SSL	l
Standard Access Control List on Cisco router
Extended Access Control List on Cisco router
ZPF firewall
Intrusion prevention system
Switch port security