Crowdly

IT8510 - Threat Intelligence and Hunting

Looking for answers and test solutions for IT8510 - Threat Intelligence and Hunting? Browse our large collection of verified answers for IT8510 - Threat Intelligence and Hunting at moodle.polytechnic.bh.

Get instant access to accurate answers and detailed explanations for your course questions. Our community-built platform helps students succeed!

You are working as a SOC analyst and receive an alert from your SIEM indicating the execution of a PowerShell command on a user workstation. Further investigation reveals that the command silently downloads a script from a remote IP and executes it in memory without writing to disk. You suspect this may be part of a living-off-the-land technique used by advanced attackers. How does the MITRE ATT&CK framework most effectively assist in analyzing this situation?
While configuring Wazuh to automatically respond to SSH brute-force login attempts during a lab exercise, a student sets up an `<active-response>` block in the `ossec.conf` file. However, the automated blocking does not trigger as expected. Upon reviewing the configuration, the instructor points out that the `<rules_id>` field was missing. Why is it essential to correctly insert the `<rules_id>` in the `<active-response>` configuration?
While analyzing Windows event logs using DeepBlueCLI in a threat hunting session, a SOC analyst wants to review only suspicious PowerShell activity and exclude less critical messages such as "New User Created." The analyst prefers to visually filter the output interactively rather than using complex command-line conditions. Which PowerShell command is best suited for this filtering task?
What SOC activity does the following scenario BEST represent? A Tier-2 SOC analyst notices that despite a clean antivirus report, a critical server has exhibited intermittent command-and-control (C2) communication patterns to an external IP address over non-standard ports. No alerts were triggered by the SIEM or IDS. The analyst decides to manually pivot through historical logs, memory dumps, and anomalous process activity to uncover a stealthy PowerShell script that was never flagged by automated systems.
During an internal penetration test, you gain access to a target machine and connect to it using `rpcclient` over SMB. You want to enumerate information about the system, including the operating system version, hostname, and domain name, without triggering alarms or using noisy tools. Which `rpcclient` command would you use to identify the OS version of the remote machine?
During a SOC onboarding session, a new analyst is tasked with understanding the architecture and origins of the Wazuh security platform. As part of the orientation, the lead engineer explains that Wazuh extends the capabilities of a pre-existing host-based intrusion detection system (HIDS) by adding centralized management, real-time monitoring, and integrations with modern SIEMs. Which open-source project forms the foundation upon which Wazuh is built?
During a routine SOC shift, an analyst observes a sudden surge of failed login attempts across multiple internal servers. The analyst then uses the organization’s SIEM platform to correlate this activity with VPN access logs, firewall data, and recent endpoint alerts. After investigation, the analyst confirms it is a coordinated brute-force attack from a known malicious IP range. Which of the following best describes the role of the SIEM tool in this situation?
A penetration tester is transferring a payload file from their attacking machine to a compromised target using Netcat. On the target machine, the tester has already set up a Netcat listener to receive the file. From the attacker's system, they execute a command to send the file over the open connection. Which Netcat file transfer mode is being used in this scenario?
A junior SOC analyst is configuring file integrity monitoring (FIM) on a Linux server using Wazuh. They want the system to detect unauthorized changes to sensitive files like `/etc/passwd` the moment they occur, instead of waiting for the next periodic scan. A senior engineer advises modifying the directory monitoring configuration to enable immediate detection of such events. Which of the following configuration options should the analyst include to achieve this behavior?

Want instant access to all verified answers on moodle.polytechnic.bh?

Get unlimited access to exam question answers - install the Crowdly extension now!