  • Question 201

    A company was recently breached. Part of the company's new cybersecurity strategy is to centralize the logs from all security devices. Which of the following components forwards the logs to a central source?
  • Question 202

    A host was infected with malware. During the incident response, Joe, a user, reported that he did not receive any emails with links, but he had been browsing the Internet all day. Which of the following would MOST likely show where the malware originated?
  • Question 203

    Phishing and spear-phishing attacks have been occurring more frequently against a company's staff. Which of the following would MOST likely help mitigate this issue?
  • Question 204

    A security analyst has been asked to investigate a situation after the SOC started to receive alerts from the SIEM. The analyst first looks at the domain controller and finds the following events:
    To better understand what is going on, the analyst runs a command and receives the following output:

    Based on the analyst's findings, which of the following attacks is being executed?
  • Question 205

    A researcher has been analyzing large data sets for the last ten months. The researcher works with colleagues from other institutions and typically connects via SSH to retrieve additional data. Historically, this setup has worked without issue, but the researcher recently started getting the following message:

    Which of the following network attacks is the researcher MOST likely experiencing?