312-49v11 Exam Question 66

Linda, a network security analyst, is reviewing the firewall logs after the security team identified unusual activity on the company's network. The firewall logs show multiple inbound connection attempts that were blocked, and Linda notices that the source IP address in these logs corresponds to an address that falls outside the organization ' s normal network range. This unfamiliar IP raises a red flag, and Linda knows that this could potentially be an attempt to breach the network.
Given the suspicious nature of the traffic and the company ' s recent focus on strengthening security measures, Linda must take the next step in her investigation to determine whether this activity is part of a broader attack attempt or if it is a legitimate request that was mistakenly flagged.
At this point, Linda considers several options. Which of the following steps should she take next to further investigate the potential security breach caused by this suspicious external IP address?
  • 312-49v11 Exam Question 67

    As the senior forensic analyst for an international software development firm, you're tasked with handling an ongoing investigation into suspected insider threats. Several project files have been reported as missing from the company's secured servers. In one instance, a junior team member reported receiving an email, seemingly from his manager, instructing him to move specific files to a shared network location. After complying, the files disappeared. As part of your investigation, you have acquired disk images of all systems involved. What should be your next step?
  • 312-49v11 Exam Question 68

    An international airline recently discovered a cyber intrusion in their reservation system. The breach was intricately planned and executed, leaving very few traces behind. The threat actors utilized sophisticated anti- forensics techniques, including data obfuscation and log manipulation, making it challenging for the internal cybersecurity team to trace the attack ' s origin and understand its full impact. Faced with this complicated investigation, which of the following should be the first course of action for the cybersecurity team?
  • 312-49v11 Exam Question 69

    As a cybersecurity analyst, recently, you detected an unusual increase in network traffic originating from multiple endpoints within the organization's network. Upon further investigation, you discovered that several employees received phishing emails containing seemingly innocuous attachments. However, these attachments are suspected to be part of a GootLoader campaign, a notorious malware distribution method.
    What could be concluded for the attachments?
  • 312-49v11 Exam Question 70

    You ' re a digital forensics investigator tasked with analyzing a bitmap image file (BMP) to gather information about its structure and contents. Understanding the file structure and data components is essential for conducting a thorough analysis. Which component of a bitmap image file contains data about the type, size, and layout of the file?