Information Security Analysts
Plan, implement, upgrade, or monitor security measures for the protection of computer networks and information.
Representative task statements
Paraphrased from the O*NET record for this SOC code.
- Monitor use of data files and regulate access to safeguard information in computer files.
- Document computer security and emergency measures policies, procedures, and tests.
- Monitor current reports of computer viruses to determine when to update virus protection systems.
- Perform risk assessments and execute tests of the data processing system to ensure functioning of data processing activities and security measures.
EWU courses that prepare for this occupation
CSCD240-S26
CSCD 240 — C and Unix Programming
CSCD240
CSCD 240 — C and Unix Programming
CSCD330
CSCD 330 — Data Communications and Networks
CSCD379
CSCD 379 — Cybersecurity I: Foundations
CSCD380
CSCD 380 — Cybersecurity II: Systems and Operations
CSCD381
CSCD 381 — Cybersecurity III: Offense and Defense
CSCD432
CSCD 432 — Computer Networks II
CSCD434
CSCD 434 — Network Security
CSCD436
CSCD 436 — Digital Forensics
CSCD438
CSCD 438 — Vulnerability Analysis
Exam questions tagged to this occupation
- CSCD240-E1-A-Q14 grep-recursive Show the filenames containing "printf" in all .c files in home directory and subdirs.
- CSCD240-E1-A-Q29 regex contacts.txt has Name<tab>number lines. Print only those whose number ends with 6.
- CSCD240-E1-A-Q34 grep Print lines of access.log containing 403 with their line numbers.
- CSCD240-E1-A-Q50 log-pipeline auth.log line format "2026-04-14 08:31 FAIL user=alex src=10.x". Print top-3 FAIL source IPs, count first, most-frequent first.
- CSCD240-E1-A-Q04 permissions Given -rw-r-x--x 2 ssteiner faculty 4096 Apr 14 09:30 notes.sh — what does the - as first symbol mean?
- CSCD240-E1-A-Q06 permissions First symbol d — what does this mean?
- CSCD240-E1-A-Q07 permissions First symbol l — what does this mean?
- CSCD240-E1-A-Q08 permissions What does 4096 refer to in the ls -l line?
- CSCD240-E1-A-Q09 permissions Who owns this file?
- CSCD240-E1-A-Q10 permissions What group does this file belong to?
- CSCD240-E1-A-Q11 permissions-chmod Change permissions of notes.sh: owner rwx, group rx, other none. Use octal.
- CSCD240-E1-A-Q12 permissions-chmod Using only letters, remove write permission from the owner on notes.sh.
- CSCD240-E1-A-Q38 pipeline-distinct Count distinct lines in visitors.txt (unsorted input).
- CSCD240-E1-A-Q41 setuid Explain the setuid bit in 1-2 sentences using the term "effective user ID".
- CSCD240-E1-A-Q44 history Bash keystroke that begins reverse-incremental history search.
- CSCD240-E1-B-Q02 recon Landing on a target; identify host kernel + architecture in one command.
- CSCD240-E1-B-Q03 recon Print your current username.
- CSCD240-E1-B-Q04 recon Print the groups your user belongs to.
- CSCD240-E1-B-Q05 permissions First symbol - on /usr/bin/passwd means what?
- CSCD240-E1-B-Q06 permissions-special Owner triad shows rws instead of rwx. Name the bit.
- CSCD240-E1-B-Q11 harden Remove setuid bit from /opt/app/runner without changing other permissions.
- CSCD240-E1-B-Q13 harden Recursively set permissions on ~/secrets/ so only owner has any access.
- CSCD240-E1-B-Q15 redir Send only stderr of "scan /etc/shadow" to errors.log; leave stdout on terminal.
- CSCD240-E1-B-Q16 redir Send BOTH stdout and stderr of build.sh to build.log.
- CSCD240-E1-B-Q19 log-pipeline Top 5 source IPs in FAIL lines of auth.log, where IP is field 5.
- CSCD240-E1-B-Q20 log-pipeline Count distinct usernames on FAIL lines of auth.log where username is "user=<name>".
- CSCD240-E1-B-Q35 forensics-time Print last-modification time of /var/log/syslog in machine-readable (seconds-epoch or ISO) format.
- CSCD240-E1-B-Q36 forensics-timeline List the 5 most recently modified files in /tmp (newest first).
- CSCD240-E1-B-Q37 forensics-hex Print a hex + ASCII side-by-side dump of the first 256 bytes of sample.bin.
- CSCD240-E1-B-Q38 forensics-strings List every printable ASCII string of length ≥ 8 inside sample.bin.
- CSCD240-E1-B-Q47 history Re-run the previous command with sudo prepended without retyping.
- CSCD240-E1-B-Q48 history Bash keystroke to begin reverse-incremental history search.
- CSCD240-E1-C-Q04 setuid A -rwsr-xr-x file owned by root. Execution causes what?
- CSCD240-E1-C-Q05 redir Which redirection sends only stderr of a command to a file err.log?
- CSCD240-E1-C-Q07 permissions First character of ls -l that identifies a symbolic link?
- CSCD240-E1-C-Q15 pipeline-distinct Which pipeline counts distinct values in column 1 of a CSV?
- CSCD240-E1-C-Q16 permissions-special What does the sticky bit on a directory do?
- CSCD240-E1-C-Q19 forensics-strings Which command lists printable ASCII strings of length ≥ 8 inside binary.bin?
- CSCD240-E1-C-Q21 forensics-time Which find predicate matches files modified within the last 24 hours?
- CSCD240-E1-C-Q23 harden Remove the setuid bit from /opt/svc/agent using symbolic form, leaving other perms.