A security engineer notices confidential data being exfiltrated to a domain "Ranso4134-mware31-895" address that is attributed to a known advanced persistent threat group. The engineer discovers that the activity is part of a real attack and not a network misconfiguration. Which category does this event fall under as defined in the Cyber Kill Chain?
During which phase of the forensic process are tools and techniques used to extract information from the collected data?
A user received a targeted spear-phishing email and identified it as suspicious before opening the content. To which category of the Cyber Kill Chain model does this type of event belong?
Refer to the exhibit.
Which field contains DNS header information if the payload is a query or a response?