An analyst identifies multiple instances of node-to-node communication between several endpoints within the
10.200.2.0/24 network and a user machine at the IP address 10.200.2.5. This user machine at the IP address
10.200.2.5 is also identified as initiating outbound communication during atypical business hours with several IP addresses that have recently appeared on threat feeds.
Which of the following can be inferred from this activity?
A company's incident response team is handling a threat that was identified on the network.
Security analysts have determined a web server is making multiple connections from TCP port
445 outbound to servers inside its subnet as well as at remote sites. Which of the following is the MOST appropriate next step in the incident response plan?
A company was recently awarded several large government contracts and wants to determine its current risk from one specific APT.
Which of the following threat modeling methodologies would be the MOST appropriate to use during this analysis?
A security analyst is reviewing packet captures from a system that was compromised. The system was already isolated from the network, but it did have network access for a few hours after being compromised. When viewing the capture in a packet analyzer, the analyst sees the following:
Which of the following can the analyst conclude?
Due to new regulations, a company has decided to institute an organizational vulnerability management program and assign the function to the security team. Which of the following frameworks would BEST support the program? (Choose two.)
Enter your email address to download CuramSoftware.CS0-002.v2022-11-15.q174 Dumps
