What SOC activity does the following scenario BEST represent? A Tier-2 SOC analyst notices that despite a clean antivirus report, a critical server has exhibited intermittent command-and-control (C2) communication patterns to an external IP address over non-standard ports. No alerts were triggered by the SIEM or IDS. The analyst decides to manually pivot through historical logs, memory dumps, and anomalous process activity to uncover a stealthy PowerShell script that was never flagged by automated systems.

Question

Answer

Proactive threat hunting to uncover advanced persistent threats missed by automated tools

Answer

Incident response involving malware remediation on the server

Answer

Vulnerability scanning to detect outdated software and system misconfigurations

Answer

Routine digital forensics conducted after confirmed malware infection

Crowdly

What SOC activity does the following scenario BEST represent? A Tier-2 SOC analy...

Want instant access to all verified answers on moodle.polytechnic.bh?