212-89 Exam Question 51

Emily, a member of the cybersecurity response team, receives an alert indicating suspicious login attempts on the company's internal HR portal. Upon inspection, she finds several failed login attempts from a foreign IP address targeting administrative accounts. Further investigation reveals that one of the accounts was compromised and its privileges were escalated. What indicator most strongly suggests this is an unauthorized access incident?
  • 212-89 Exam Question 52

    Johnson, an incident handler, is working on a recent web application attack faced by the organization. As part of this process, he performed data preprocessing in order to analyze and detect the watering hole attack. He preprocessed the outbound network traffic data collected from firewalls and proxy servers and started analyzing the user activities within a certain time period to create time-ordered domain sequences to perform further analysis on sequential patterns.
    Identify the data-preprocessing step performed by Johnson.
  • 212-89 Exam Question 53

    Jake, a senior incident responder in a financial institution's SOC, receives a high-severity alert from the intrusion detection system (IDS). The alert indicates a flood of SYN packets targeting the internal web server, which has now become sluggish and unresponsive to legitimate client requests. The sudden surge in half-open connections is causing resource exhaustion on the server. Suspecting a SYN flood attack, a type of denial-of-service (DoS) attack, Jake needs to verify the source and nature of the traffic to determine the appropriate containment and mitigation strategy while preserving system integrity and uptime. What step should Jake take first in response to this suspected DoS incident?
  • 212-89 Exam Question 54

    For analyzing the system, the browser data can be used to access various credentials.
    Which of the following tools is used to analyze the history data files in Microsoft Edge browser?
  • 212-89 Exam Question 55

    DeltaCorp, a global e-commerce company, received an email sent to the financial department claiming to be from the CEO, requesting an urgent transfer of funds. To determine the legitimacy of this potentially deceptive email, which of the following should be the primary focus of the investigation?