IT8510 - Threat Intelligence and Hunting


You are working as a SOC analyst and receive an alert from your SIEM indicating the execution of a PowerShell command on a user workstation. Further investigation reveals that the command silently downloads a script from a remote IP and executes it in memory without writing to disk. You suspect this may be part of a living-off-the-land technique used by advanced attackers. How does the MITRE ATT&CK framework most effectively assist in analyzing this situation?
While configuring Wazuh to automatically respond to SSH brute-force login attempts during a lab exercise, a student sets up an `<active-response>` block in the `ossec.conf` file. However, the automated blocking does not trigger as expected. Upon reviewing the configuration, the instructor points out that the `<rules_id>` field was missing. Why is it essential to correctly insert the `<rules_id>` in the `<active-response>` configuration?
While analyzing Windows event logs using DeepBlueCLI in a threat hunting session, a SOC analyst wants to review only suspicious PowerShell activity and exclude less critical messages such as "New User Created." The analyst prefers to visually filter the output interactively rather than using complex command-line conditions. Which PowerShell command is best suited for this filtering task?
What SOC activity does the following scenario BEST represent? A Tier-2 SOC analyst notices that despite a clean antivirus report, a critical server has exhibited intermittent command-and-control (C2) communication patterns to an external IP address over non-standard ports. No alerts were triggered by the SIEM or IDS. The analyst decides to manually pivot through historical logs, memory dumps, and anomalous process activity to uncover a stealthy PowerShell script that was never flagged by automated systems.
During an internal penetration test, you gain access to a target machine and connect to it using `rpcclient` over SMB. You want to enumerate information about the system, including the operating system version, hostname, and domain name, without triggering alarms or using noisy tools. Which `rpcclient` command would you use to identify the OS version of the remote machine?
During a SOC onboarding session, a new analyst is tasked with understanding the architecture and origins of the Wazuh security platform. As part of the orientation, the lead engineer explains that Wazuh extends the capabilities of a pre-existing host-based intrusion detection system (HIDS) by adding centralized management, real-time monitoring, and integrations with modern SIEMs. Which open-source project forms the foundation upon which Wazuh is built?
During a routine SOC shift, an analyst observes a sudden surge of failed login attempts across multiple internal servers. The analyst then uses the organization’s SIEM platform to correlate this activity with VPN access logs, firewall data, and recent endpoint alerts. After investigation, the analyst confirms it is a coordinated brute-force attack from a known malicious IP range. Which of the following best describes the role of the SIEM tool in this situation?
A penetration tester is transferring a payload file from their attacking machine to a compromised target using Netcat. On the target machine, the tester has already set up a Netcat listener to receive the file. From the attacker's system, they execute a command to send the file over the open connection. Which Netcat file transfer mode is being used in this scenario?
A junior SOC analyst is configuring file integrity monitoring (FIM) on a Linux server using Wazuh. They want the system to detect unauthorized changes to sensitive files like `/etc/passwd` the moment they occur, instead of waiting for the next periodic scan. A senior engineer advises modifying the directory monitoring configuration to enable immediate detection of such events. Which of the following configuration options should the analyst include to achieve this behavior?
