PrepAway - Latest Free Exam Questions & Answers

Which of the following threats has the security analyst…

A security analyst is performing a forensic analysis on a machine that was the subject of some historic SIEM alerts. The analyst noticed network connections using SSL on non-standard ports, copies of svchost.exe and cmd.exe in the %TEMP% folder, and RDP files that had connected to external IPs. Which of the following threats has the security analyst uncovered?
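The three indicators in the question (TLS on ports where it is not expected, copies of system binaries living outside the system directories, and .rdp files pointing at external addresses) are each mechanically checkable, and a host that trips all three is what an analyst would escalate. The script below is an added example, not from PrepAway or any exam body: it runs those three checks over constructed artifacts. The connection records, image paths and .rdp file contents are made up, and the internal address ranges, the set of "expected" TLS ports and the legitimate system directories are assumptions to be tuned to the environment.

```python
"""Triage of the indicator classes named in the question, over constructed data."""
import ipaddress
import re

# Assumption: the organisation's internal address space (RFC 1918 plus local ranges).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# Assumption: ports on which a TLS handshake is unremarkable; TLS elsewhere is "non-standard".
EXPECTED_TLS_PORTS = {443, 465, 563, 636, 853, 993, 995, 5061, 8443}

# Assumption: where these two Windows binaries legitimately live (lower-case, backslash form).
EXPECTED_BIN_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
WATCHED_NAMES = {"svchost.exe", "cmd.exe"}

# .rdp files store the target as "full address:s:host[:port]" (IPv4/hostname form only here).
RDP_TARGET_RE = re.compile(r"^full address:s:([^\r\n:]+)(?::(\d+))?\s*$", re.I | re.M)


def is_external(ip_text):
    """True when the address lies outside every internal range; hostnames return False."""
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # hostname or garbage: cannot classify offline
    return not any(addr in net for net in INTERNAL_NETS)


def flag_tls_on_odd_ports(connections):
    """connections: dicts with dst_ip, dst_port, tls. Keep TLS sessions to an
    external address on a port where TLS is not expected."""
    return [c for c in connections
            if c["tls"] and c["dst_port"] not in EXPECTED_TLS_PORTS and is_external(c["dst_ip"])]


def flag_masquerading_binaries(image_paths):
    """Keep paths whose file name is a watched system binary but whose directory
    is not a system directory (a copy dropped in %TEMP%, for example)."""
    flagged = []
    for path in image_paths:
        directory, _, name = path.lower().replace("/", "\\").rpartition("\\")
        if name in WATCHED_NAMES and directory not in EXPECTED_BIN_DIRS:
            flagged.append(path)
    return flagged


def flag_external_rdp_targets(rdp_files):
    """rdp_files: {file name: file text}. Return (file name, target) for every
    .rdp file whose 'full address' is an external IP."""
    flagged = []
    for fname, text in rdp_files.items():
        m = RDP_TARGET_RE.search(text)
        if m:
            target = m.group(1).strip()
            if is_external(target):
                flagged.append((fname, target))
    return flagged


def triage(connections, image_paths, rdp_files):
    """Run all three checks and count how many indicator classes the host tripped."""
    findings = {
        "tls_odd_port": flag_tls_on_odd_ports(connections),
        "masquerading_binary": flag_masquerading_binaries(image_paths),
        "external_rdp": flag_external_rdp_targets(rdp_files),
    }
    findings["indicator_classes_hit"] = sum(1 for hits in findings.values() if hits)
    return findings


# Constructed sample artifacts (not real telemetry).
SAMPLE_CONNECTIONS = [
    {"dst_ip": "203.0.113.45", "dst_port": 8081, "tls": True},   # TLS on an odd port, external
    {"dst_ip": "10.0.5.20", "dst_port": 8081, "tls": True},      # internal, not flagged
    {"dst_ip": "198.51.100.7", "dst_port": 443, "tls": True},    # ordinary HTTPS
    {"dst_ip": "203.0.113.45", "dst_port": 8080, "tls": False},  # plaintext, not flagged
]
SAMPLE_IMAGE_PATHS = [
    r"C:\Windows\System32\svchost.exe",
    r"C:\Users\alice\AppData\Local\Temp\svchost.exe",
    r"C:\Users\alice\AppData\Local\Temp\cmd.exe",
    r"C:\Windows\System32\cmd.exe",
]
SAMPLE_RDP_FILES = {
    "Default.rdp": "screen mode id:i:2\r\nfull address:s:192.168.1.50\r\n",
    "backup.rdp": "screen mode id:i:2\r\nfull address:s:203.0.113.99:3389\r\nusername:s:admin\r\n",
    "jump.rdp": "full address:s:jumphost.corp.example\r\n",
}

if __name__ == "__main__":
    for key, value in triage(SAMPLE_CONNECTIONS, SAMPLE_IMAGE_PATHS, SAMPLE_RDP_FILES).items():
        print(f"{key}: {value}")
```

On the sample data the host trips all three classes: one TLS session to 203.0.113.45:8081, two watched binaries under the user's Temp directory, and backup.rdp pointing at 203.0.113.99. The hostname in jump.rdp is deliberately left unclassified rather than guessed at, since resolving it is a separate, online step.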


A.
DDoS

B.
APT

C.
Ransomware

D.
Software vulnerability

Explanation:


3 Comments on “Which of the following threats has the security analyst…”

  1. Tetra-Grammaton-Cleric says:

    Answer: D (Software Vulnerability)
    This is an example of a stupidly worded question. SIEM combines real-time Information Management and Event Management analysis of events generated by applications and network devices. SIEM uses a holistic approach to security.
    Advanced Persistent Threats (APTs) take the form of ‘sleepers’ in the system. Basically, ‘deus ex machina’; threat actors use various forms to gain and maintain entry. Also, typically, APTs tend to do no damage to the system; their job is to stay undetected and steal/exfiltrate data.



