CS0-001 Exam Question 66

Weeks before a proposed merger is scheduled for completion, a security analyst has noticed unusual traffic patterns on a file server that contains financial information. Routine scans are not detecting the signature of any known exploits or malware. The following entry is seen in the FTP server logs:
tftp -I 10.1.1.1 GET fourthquarterreport.xls
Which of the following is the BEST course of action?
  • CS0-001 Exam Question 67

    A cybersecurity analyst has been asked to follow a corporate process that will be used to manage
    vulnerabilities for an organization. The analyst notices the policy has not been updated in three years.
    Which of the following should the analyst check to ensure the policy is still accurate?
  • CS0-001 Exam Question 68

    Following a recent security breach, a post-mortem was done to analyze the driving factors behind the breach.
    The cybersecurity analysis discussed potential impacts, mitigations, and remediations based on current events and emerging threat vectors tailored to specific stakeholders. Which of the following is this considered to be?
  • CS0-001 Exam Question 69

    During an investigation, a computer is being seized. Which of the following is the FIRST step the analyst should take?
  • CS0-001 Exam Question 70

    Malware is suspected on a server in the environment. The analyst is provided with the output of commands from servers in the environment and needs to review all output files in order to determine which process running on one of the servers may be malware.
    Instructions:
    Servers 1, 2 and 4 are clickable. Select the Server which hosts the malware, and select the process which hosts this malware.
    If at any time you would like to bring back the initial state of the simulation, please select the Reset button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.