Question 42/73
An organization recovered from a recent ransomware outbreak that resulted in significant business damage. Leadership requested a report that identifies the problems that triggered the incident and the security team's approach to addressing these problems to prevent a recurrence. Which components of the incident should an engineer analyze first for this report?
Correct Answer: D
Explanation/Reference:
