A cybersecurity analyst has several SIEM event logs to review for possible APT activity. The analyst was given several items that include lists of indicators for both IP addresses and domains. Which of the following actions is the BEST approach for the analyst to perform?
A system administrator has reviewed the following output: Which of the following can a system administrator infer from the above output?
An analyst has received unusual alerts on the SIEM dashboard. The analyst wants to get payloads that the hackers are sending toward the target systems without impacting the business operation. Which of the following should the analyst implement?
An analyst finds that unpatched servers have undetected vulnerabilities because the vulnerability scanner does not have the latest set of signatures. Management directed the security team to have personnel update the scanners with the latest signatures at least 24 hours before conducting any scans, but the outcome is unchanged. Which of the following is the BEST logical control to address the failure?
A cybersecurity analyst has received an alert that well-known "call home" messages are continuously observed by network sensors at the network boundary. The proxy firewall successfully drops the messages. After determining the alert was a true positive, which of the following represents the MOST likely cause?
SIMULATION - The developers recently deployed new code to three web servers. A daily automated external device scan report shows server vulnerabilities that are failing items according to PCI DSS. If the vulnerability is not valid, the analyst must take the proper steps to get the scan clean. If the vulnerability is valid, the analyst must remediate the finding. After reviewing the information provided in the network diagram, select the STEP 2 tab to complete the simulation by selecting the correct Validation Result and Remediation Action for each server listed using the drop-down options. Instructions - STEP 1: Review the information provided in the network diagram. STEP 2: Given the scenario, determine which remediation action is required to address the vulnerability. If at any time you would like to bring back the initial state of the simulation, please select the Reset All button.