CS0-003 Exam Question 11

An analyst is reviewing a dashboard from the company's SIEM and finds that an IP address known to be malicious can be tracked to numerous high-priority events in the last two hours. The dashboard indicates that these events relate to TTPs. Which of the following is the analyst most likely using?
  • CS0-003 Exam Question 12

    An organization has noticed large amounts of data are being sent out of its network. An analyst is identifying the cause of the data exfiltration.
    INSTRUCTIONS
    Select the command that generated the output in tabs 1 and 2.
    Review the output text in all tabs and identify the file responsible for the malicious behavior.
    If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.






    CS0-003 Exam Question 13

    A security analyst has identified a new malware file that has impacted the organization. The malware is polymorphic and has built-in conditional triggers that require a connection to the internet. The CPU has an idle process of at least 70%. Which of the following best describes how the security analyst can effectively review the malware without compromising the organization's network?
  • CS0-003 Exam Question 14

    While reviewing the web server logs a security analyst notices the following snippet
    ..\../..\../boot.ini
    Which of the following is being attempted?
  • CS0-003 Exam Question 15

    A security analyst observed the following activity from a privileged account:
    . Accessing emails and sensitive information
    . Audit logs being modified
    . Abnormal log-in times
    Which of the following best describes the observed activity?