Multiple Choice
A SOC analyst is investigating a recent email delivered to a high-value user for a customer whose network their organization monitors. The email includes a suspicious attachment titled "Invoice RE: 0004489". The hash of the file is gathered from the Cisco Email Security Appliance. After searching Open Source Intelligence, no available history of this hash is found anywhere on the web. What is the next step in analyzing this attachment to allow the analyst to gather indicators of compromise?
A) Run and analyze the DLP Incident Summary Report from the Email Security Appliance
B) Ask the company to execute the payload for real time analysis
C) Investigate further in open source repositories using YARA to find matches
D) Obtain a copy of the file for detonation in a sandbox
Correct Answer:
Verified
Correct Answer:
Verified
Q1: An organization had a breach due to
Q3: Refer to the exhibit. Which indicator of
Q4: An organization is using a PKI management
Q5: An employee who often travels abroad logs
Q6: Refer to the exhibit. Which command was
Q7: What is idempotence?<br>A) the assurance of system
Q8: An engineer received multiple reports from users
Q9: A logistic company must use an outdated
Q10: What is a limitation of cyber security
Q11: An engineer received an alert of a