Multiple Choice
A security analyst receives an escalation regarding an unidentified connection on the Accounting A1 server within a monitored zone. The analyst pulls the logs and discovers that a Powershell process and a WMI tool process were started on the server after the connection was established and that a PE format file was created in the system directory. What is the next step the analyst should take?
A) Isolate the server and perform forensic analysis of the file to determine the type and vector of a possible attack
B) Identify the server owner through the CMDB and contact the owner to determine if these were planned and identifiable activities
C) Review the server backup and identify server content and data criticality to assess the intrusion risk
D) Perform behavioral analysis of the processes on an isolated workstation and perform cleaning procedures if the file is malicious
Correct Answer:
Verified
Correct Answer:
Verified
Q30: An API developer is improving an application
Q31: A patient views information that is not
Q32: <img src="https://d2lvgg3v3hfg70.cloudfront.net/C1178/.jpg" alt=" Refer to the
Q33: <img src="https://d2lvgg3v3hfg70.cloudfront.net/C1178/.jpg" alt=" Refer to the
Q34: An analyst received multiple alerts on the
Q36: <img src="https://d2lvgg3v3hfg70.cloudfront.net/C1178/.jpg" alt=" Refer to the
Q37: A payroll administrator noticed unexpected changes within
Q38: <img src="https://d2lvgg3v3hfg70.cloudfront.net/C1178/.jpg" alt=" Refer to the
Q39: A Mac laptop user notices that several
Q40: A company recently started accepting credit card