A security analyst is performing a forensic analysis on a machine that was the subject of some historical SIEM alerts. The analyst noticed some network connections using SSL on uncommon ports, copies of svchost.exe and cmd.exe in the %TEMP% folder, and RDP files that had connected to external IPs. Which of the following threats has the security analyst uncovered?
A. DDoS
B. APT
C. Ransomware
D. Software vulnerability
Explanation:
I’m not sure if D is the correct answer. Why not B?
Answer: D (Software Vulnerability)
This is an example of a stupidly worded question. SIEM combines real-time Information Management and Event Management analysis of events generated by applications and network devices. SIEM uses a holistic approach to security.
Advanced Persistent Threats (APTs) take the form of ‘sleepers’ in the system. Basically, ‘deus ex machina’; threat actors use various forms to gain and maintain entry. Also, typically, APTs tend to do no damage to the system; their job is to stay undetected and steal/exfiltrate data.
Explanation was for answer B, NOT D. My bad… Answer: B (APT)
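As an added example (not part of the original question or any commenter's post), here is a small Python triage script that checks a host's artefacts for the three indicators the question names: system binaries copied into %TEMP%, TLS sessions to external hosts on ports where TLS is not expected, and .rdp files pointing at external addresses. It then pivots on any remote host shared between the TLS and RDP findings. The internal address ranges, the expected-TLS-port list, the verdict thresholds and all sample paths, connection records and .rdp contents are assumptions constructed for the example; on a real case you would feed it the file listing, a TLS/proxy log and the collected .rdp files.

```python
"""Triage helpers for the indicators in the question above (constructed sample data only)."""
import ipaddress
import re
from pathlib import PureWindowsPath

# Binaries that belong in %SystemRoot%\System32; a copy under a Temp folder is an
# indicator of masquerading (the two names come straight from the question).
SYSTEM32_BINARIES = {"svchost.exe", "cmd.exe"}

# Ports on which a TLS ClientHello is expected. Assumption: tune to the environment.
EXPECTED_TLS_PORTS = {443, 465, 587, 636, 853, 993, 995, 8443}

# Assumption: the organisation's internal space is RFC 1918 plus loopback/link-local.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

TEMP_MARKER = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)
# "full address:s:host[:port]" line of a .rdp file (IPv4 or hostname; IPv6 literals not handled).
RDP_ADDRESS = re.compile(r"^full address:s:([^:\r\n]+)(?::(\d+))?", re.IGNORECASE | re.MULTILINE)


def is_external(host: str) -> bool:
    """True when host is an IP literal outside INTERNAL_NETS. Hostnames return False;
    resolve them and re-check before trusting that answer."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False
    return not any(addr in net for net in INTERNAL_NETS)


def find_temp_system_binaries(paths):
    """Paths whose file name is a System32 binary but which sit under a Temp folder."""
    return [p for p in paths
            if PureWindowsPath(p).name.lower() in SYSTEM32_BINARIES and TEMP_MARKER.search(p)]


def find_tls_on_unusual_ports(tls_records):
    """tls_records: (process, remote_ip, remote_port) for connections where a TLS
    handshake was seen (e.g. from a proxy or IDS ssl log). Flags external peers on
    ports where TLS is not expected."""
    return [r for r in tls_records if r[2] not in EXPECTED_TLS_PORTS and is_external(r[1])]


def external_rdp_targets(rdp_files):
    """rdp_files: mapping of .rdp path -> file text. Returns (path, host, port) for
    every file whose target address is external; default RDP port is 3389."""
    out = []
    for path, text in rdp_files.items():
        m = RDP_ADDRESS.search(text)
        if not m:
            continue
        host, port = m.group(1).strip(), int(m.group(2) or 3389)
        if is_external(host):
            out.append((path, host, port))
    return out


def assess(paths, tls_records, rdp_files):
    """Run all three checks, pivot on shared remote hosts, and return (findings, verdict).
    Verdict heuristic (assumption): two or more independent indicator families, i.e.
    masqueraded execution, encrypted C2 on odd ports and remote-access artefacts, point
    to a persistent intrusion ("APT") rather than a single vulnerability or a DDoS."""
    tls_hits = find_tls_on_unusual_ports(tls_records)
    rdp_hits = external_rdp_targets(rdp_files)
    findings = {
        "temp_system_binaries": find_temp_system_binaries(paths),
        "tls_unusual_ports": tls_hits,
        "external_rdp": rdp_hits,
        # Same external host used for both TLS beaconing and RDP: likely attacker infrastructure.
        "shared_remote_hosts": {r[1] for r in tls_hits} & {h for _, h, _ in rdp_hits},
    }
    families = sum(1 for k in ("temp_system_binaries", "tls_unusual_ports", "external_rdp")
                   if findings[k])
    verdict = "APT" if families >= 2 else ("investigate" if families == 1 else "clean")
    return findings, verdict


# Constructed sample data modelled on the question's description.
SAMPLE_PATHS = [
    r"C:\Windows\System32\svchost.exe",
    r"C:\Users\jdoe\AppData\Local\Temp\svchost.exe",
    r"C:\Users\jdoe\AppData\Local\Temp\cmd.exe",
    r"C:\Users\jdoe\AppData\Local\Temp\report.pdf",
]
SAMPLE_TLS = [
    ("chrome.exe", "203.0.113.10", 443),      # normal HTTPS, not flagged
    ("svchost.exe", "198.51.100.77", 4443),   # TLS on an odd port to an external host
    ("outlook.exe", "10.0.0.5", 8081),        # internal peer, not flagged
    ("svchost.exe", "198.51.100.77", 8080),   # second beacon to the same host
]
SAMPLE_RDP = {
    r"C:\Users\jdoe\Documents\Default.rdp": "screen mode id:i:2\r\nfull address:s:192.168.1.20\r\n",
    r"C:\Users\jdoe\Documents\ext.rdp": "full address:s:198.51.100.77:3390\r\nprompt for credentials:i:1\r\n",
}

if __name__ == "__main__":
    found, verdict = assess(SAMPLE_PATHS, SAMPLE_TLS, SAMPLE_RDP)
    for k, v in found.items():
        print(f"{k}: {v}")
    print("verdict:", verdict)
```

The checks are deliberately independent so that a single hit (one odd-port TLS session, say) only raises "investigate"; it is the combination of masquerading, covert channel and remote-access artefacts on one host, plus a remote address shared across them, that supports the APT answer the thread settles on.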