Multiple Choice
A SIEM tool fires an alert about a VPN connection attempt from an unusual location. The incident response team validates that an attacker has installed a remote access tool on a user's laptop while traveling. The attacker has the user's credentials and is attempting to connect to the network. What is the next step in handling the incident?
A) Block the source IP from the firewall
B) Perform an antivirus scan on the laptop
C) Identify systems or services at risk
D) Identify lateral movement
Correct Answer:
Verified
Correct Answer:
Verified
Q12: <img src="https://d2lvgg3v3hfg70.cloudfront.net/C1178/.jpg" alt=" Refer to the
Q13: Which bash command will print all lines
Q14: An analyst is alerted for a malicious
Q15: The incident response team receives information about
Q16: Refer to the exhibit. What is occurring
Q18: An employee abused PowerShell commands and script
Q19: After a recent malware incident, the forensic
Q20: An analyst wants to upload an infected
Q21: Refer to the exhibit. Which asset has
Q22: <img src="https://d2lvgg3v3hfg70.cloudfront.net/C1178/.jpg" alt=" Refer to the