Multiple Choice
A SOC engineer discovers that the organization had three DDOS attacks overnight. Four servers are reported offline, even though the hardware seems to be working as expected. One of the offline servers is affecting the pay system reporting times. Three employees, including executive management, have reported ransomware on their laptops. Which steps help the engineer understand a comprehensive overview of the incident?
A) Run and evaluate a full packet capture on the workloads, review SIEM logs, and define a root cause.
B) Run and evaluate a full packet capture on the workloads, review SIEM logs, and plan mitigation steps.
C) Check SOAR to learn what the security systems are reporting about the overnight events, research the attacks, and plan mitigation step.
D) Check SOAR to know what the security systems are reporting about the overnight events, review the threat vectors, and define a root cause.
Correct Answer:
Verified
Correct Answer:
Verified
Q68: <img src="https://d2lvgg3v3hfg70.cloudfront.net/C1178/.jpg" alt=" Refer to the
Q69: <img src="https://d2lvgg3v3hfg70.cloudfront.net/C1178/.jpg" alt=" Refer to the
Q70: An organization had an incident with the
Q71: How is a SIEM tool used?<br>A) To
Q72: A European-based advertisement company collects tracking information
Q74: A cloud engineer needs a solution to
Q75: <img src="https://d2lvgg3v3hfg70.cloudfront.net/C1178/.jpg" alt=" Refer to the
Q76: <img src="https://d2lvgg3v3hfg70.cloudfront.net/C1178/.jpg" alt=" Refer to the
Q77: A threat actor has crafted and sent
Q78: An organization suffered a security breach in