SY0-601 Exam Question 1
During an incident, a company's CIRT determines it is necessary to observe the continued network-based transaction between a callback domain and the malware running on an enterprise PC. Which of the following techniques would be BEST to enable this activity while reducing the risk of lateral spread and the risk that the adversary would notice any changes?
SY0-601 Exam Question 2
A security analyst is investigating a vulnerability in which a default file permission was set incorrectly. The company uses non-credentialed scanning for vulnerability management.
Which of the following tools can the analyst use to verify the permissions?
SY0-601 Exam Question 3
A security analyst is logged into a Windows file server and needs to see who is accessing files and from which computers. Which of the following tools should the analyst use?
SY0-601 Exam Question 4
Security analysts are conducting an investigation of an attack that occurred inside the organization's network.
An attacker was able to collect network traffic between workstations throughout the network. The analysts review the following logs:

The layer 2 address table has hundreds of entries similar to the ones above. Which of the following attacks has MOST likely occurred?
SY0-601 Exam Question 5
After a hardware incident, an unplanned emergency maintenance activity was conducted to rectify the issue.
Multiple alerts were generated on the SIEM during this period of time. Which of the following BEST explains what happened?