An Incident Responder documented the scope of a recent outbreak by reviewing the incident in the ATP manager. Which two entity relationship examples should the responder look for and document from the Incident Graph? (Choose two.)
A. An intranet website that is experiencing an increase in traffic from endpoints in a smaller branch office.
B. A server in the DMZ that was repeatedly accessed outside of normal business hours on the weekend.
C. A network share is repeatedly accessed during and after an infection indicating a more targeted attack.
D. A malicious file that was repeatedly downloaded by a Trojan or a downloader that infected multiple endpoints.
E. An external website that was the source of many malicious files.
|
Download Printable PDF. VALID exam to help you PASS. |
 |