Would this be a proper correlation between entity and attack stage? (You see an alert for a user sending DNS requests for TOR sites, and correlate this to data exfiltration.) A. Yes B. No
Refer to the exhibit. You have been assigned a task to monitor, analyze, and find those entities who are trying to access internal resources without having valid user credentials. You are creating an AD-based use case to look for this…
Refer to the exhibit. You have been assigned a task to monitor, analyze, and find those entities who are trying to access internal resources without having valid user credentials. You are creating an AD-based use case to look for this…
Your company has found some suspicious conversations for some internal users. The security team suspects those users are communicating with entities in other countries. You have been assigned the task of identifying those users who are either uploading or downloading…
Your company has found some suspicious conversations for some internal users. The security team suspects those users are communicating with entities in other countries. You have been assigned the task of identifying those users who are either uploading or downloading…
An admin is evaluating entity activity alerts for large internal downloads, excessive host access, accessing hosts with SSH, and host and port scans. Is this a correct reason for these types of alerts? (a malware seeking command and control.) A.…
Refer to the exhibit. You have been assigned a task to monitor, analyze, and find those entities who are trying to access internal resources without having valid user credentials. You are creating an AD-based use case to look for this…
Refer to the exhibit. You have been assigned a task to monitor, analyze, and find those entities who are trying to access internal resources without having valid user credentials. You are creating an AD-based use case to look for this…
Refer to the exhibit. You are monitoring network traffic and considering DNS flow patterns. Where is a good location to place the Network Tap or Taps? (Location C.) A. Yes B. No
Refer to the exhibit. You are monitoring network traffic and considering DNS flow patterns. Where is a good location to place the Network Tap or Taps? (Location A.) A. Yes B. No