Question
You are conducting an incident response and want to determine if any account-based indicators of compromise (IoC) exist on a compromised server. Which of the following would you NOT search for on the server?
- Malicious processes
- Off-hours usage
- Unauthorized sessions
- Failed logins
Solution
You would NOT search for "Malicious processes" as an account-based IoC. A malicious process is a host-based (system-level) indicator: you find it by inspecting what is running on the machine (process lists, services, scheduled tasks), not by examining how accounts were used. Account-based IoCs are anomalies in account and authentication activity, such as off-hours usage (a valid account active outside its normal schedule), unauthorized sessions (logons by accounts that should not have access to the server, or from unexpected sources), and failed logins (repeated failures against one or many accounts, which often precede brute-force or password-spraying compromise). In practice you would still hunt for malicious processes during the same response, but as a separate, system-based line of investigation.
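To make the three account-based indicators concrete, here is an added example (not part of the original solution) that scans sshd-style authentication log lines for exactly those signals: failed logins per account above a threshold, successful logons outside business hours, and sessions for accounts not on an allow-list. The log lines, the allow-list, the 08:00-18:59 business window, the threshold of 5 and the assumed year 2024 are all constructed for the example. Process inspection is deliberately absent, matching the distinction the question draws; on Windows the equivalent source would be Security event IDs 4624 (successful logon) and 4625 (failed logon) rather than sshd messages.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample log lines (not from a real incident), in the common
# syslog/sshd shape. Syslog omits the year, so one is assumed when parsing.
SAMPLE_LOG = """\
Mar 12 09:14:02 web01 sshd[2101]: Accepted publickey for alice from 10.0.0.5 port 51022 ssh2
Mar 12 09:20:11 web01 sshd[2140]: Failed password for bob from 10.0.0.9 port 40110 ssh2
Mar 12 09:20:13 web01 sshd[2140]: Failed password for bob from 10.0.0.9 port 40112 ssh2
Mar 12 09:20:15 web01 sshd[2140]: Failed password for bob from 10.0.0.9 port 40114 ssh2
Mar 12 09:20:17 web01 sshd[2140]: Failed password for bob from 10.0.0.9 port 40116 ssh2
Mar 12 09:20:19 web01 sshd[2140]: Failed password for bob from 10.0.0.9 port 40118 ssh2
Mar 12 09:20:21 web01 sshd[2140]: Failed password for bob from 10.0.0.9 port 40120 ssh2
Mar 12 23:41:08 web01 sshd[3310]: Accepted password for alice from 203.0.113.7 port 50222 ssh2
Mar 13 02:05:44 web01 sshd[3402]: Accepted password for svc_backup from 203.0.113.7 port 50310 ssh2
Mar 13 10:12:30 web01 sshd[3550]: Accepted publickey for carol from 10.0.0.6 port 52001 ssh2
"""

# Matches both "Accepted <method> for <user>" and "Failed <method> for [invalid user] <user>".
LINE_RE = re.compile(
    r"^(?P<mon>\w{3}) +(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \S+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)

AUTHORIZED_USERS = {"alice", "carol"}  # assumed allow-list for this server
BUSINESS_HOURS = range(8, 19)          # assumed 08:00-18:59 local time
FAILED_THRESHOLD = 5                   # assumed: >= this many failures is suspicious


def parse_events(text, year=2024):
    """Turn raw log text into a list of dicts with a real datetime per line."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated log line; ignore
        ts = datetime.strptime(
            f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S"
        )
        events.append({"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]})
    return events


def find_account_iocs(text):
    """Return the three account-based indicators found in the log text."""
    events = parse_events(text)
    accepted = [e for e in events if e["result"] == "Accepted"]

    # 1. Failed logins: count failures per account, report those at/over threshold.
    failures = Counter(e["user"] for e in events if e["result"] == "Failed")
    failed_logins = {u: n for u, n in failures.items() if n >= FAILED_THRESHOLD}

    # 2. Off-hours usage: successful logons whose hour falls outside the window.
    off_hours = [
        {"user": e["user"], "time": e["ts"].isoformat(), "ip": e["ip"]}
        for e in accepted if e["ts"].hour not in BUSINESS_HOURS
    ]

    # 3. Unauthorized sessions: successful logons by accounts not on the allow-list.
    unauthorized_sessions = [
        {"user": e["user"], "time": e["ts"].isoformat(), "ip": e["ip"]}
        for e in accepted if e["user"] not in AUTHORIZED_USERS
    ]

    return {
        "failed_logins": failed_logins,
        "off_hours": off_hours,
        "unauthorized_sessions": unauthorized_sessions,
    }


if __name__ == "__main__":
    for kind, hits in find_account_iocs(SAMPLE_LOG).items():
        print(f"{kind}: {hits}")
```

Running it flags bob for 6 failed logins, alice and svc_backup for logons at 23:41 and 02:05, and svc_backup for a session by an account that is not on the allow-list. The same three questions would be asked of /var/log/auth.log, journalctl -u sshd, wtmp (last) or Windows Security logs on a real host; the thresholds and window are tuning knobs that must come from the environment's baseline, not from this example.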
Similar Questions
An organization is reviewing its security logs and notices multiple authentication requests to its web application from different geographic locations within a short timeframe, all using the same user ID. Which type of attack should be suspected?
- Privilege escalation
- Brute force
- Spraying
- Replay
Question 5: As a security analyst, you are monitoring network traffic and detect a large number of failed login attempts. Which of the following tools would help you investigate this incident? Select two answers.
- An intrusion detection system (IDS)
- A cryptographic encoder
- An antivirus software
- A network protocol analyzer (packet sniffer)
A penetration testing service hired by the company has reported that a backdoor was identified on the network. What action should the organization take to find out if systems have been compromised? Select one:
- Look for unauthorized accounts.
- Look for policy changes in Event Viewer.
- Scan the systems for viruses.
- Look for usernames that do not have passwords.
A school has a web server mainly used for parents to view school events, access student records, and communicate with teachers and administration. The network admin suspects a security-related event has occurred and is reviewing what steps should be taken.
WHAT HAS HAPPENED: The network administrator believes that the threat actor used a commonly available tool to slow the server down. The administrator concludes that, based on the source IP address identified in the alert, the threat actor was probably one of the students. The student would be classified as a(n) _____ hacker.
- semi-authorized
- government
- authorized
- unauthorized