Multiple Choice
An Incident Responder documented the scope of a recent outbreak by reviewing the incident in the ATP manager. Which two entity relationship examples should the responder look for and document from the Incident Graph? (Choose two.)
A) An intranet website that is experiencing an increase in traffic from endpoints in a smaller branch office.
B) A server in the DMZ that was repeatedly accessed outside of normal business hours on the weekend.
C) A network share is repeatedly accessed during and after an infection indicating a more targeted attack.
D) A malicious file that was repeatedly downloaded by a Trojan or a downloader that infected multiple endpoints.
E) An external website that was the source of many malicious files.
Correct Answer:
Verified
Correct Answer:
Verified
Q45: You are working on Storage foundation for
Q46: Which ClientNet settings allow an administrator to
Q47: You have a system that has two
Q48: An administrator is tasked with installing a
Q49: When will an end user receive a
Q51: A divisional executive requests a report of
Q52: What is the default action for a
Q53: Which SEP technology does an Incident Responder
Q54: Which two locations can the administrator verify
Q55: An Incident Responder documented the scope of