Question 1/122
The SIEM tool informs a SOC team of a suspicious file. The team initiates the analysis with an automated sandbox tool, sets up a controlled laboratory to examine the malware specimen, and proceeds with behavioral analysis. What is the next step in the malware analysis process?
Correct Answer: D
