The primary goal of the threat-hunting team at a large company is to identify cyberthreats that the SOC has not detected. Which of the following types of data would the threat-hunting team primarily use to identify systems that are exploitable?
A vulnerability scan is a type of data that can identify systems that are exploitable by detecting known weaknesses and misconfigurations in the software and hardware. Packet capture, threat feed, and user behavior are types of data that can help identify malicious activities or indicators of compromise, but not necessarily the systems that are vulnerable to exploitation.
An organization is concerned about intellectual property theft by employees who leave the organization. Which of the following should the organization most likely implement?
A security analyst is investigating a malware incident at a company. The malware is accessing a command-and-control website at www.comptia.com. All outbound internet traffic is logged to a syslog server and stored in /logfiles/messages. Which of the following commands would be best for the analyst to use on the syslog server to search for recent traffic to the command-and-control website?
A company currently uses passwords for logging in to company-owned devices and wants to add a second authentication factor. Per corporate policy, users are not allowed to have smartphones at their desks. Which of the following would meet these requirements?
Which of the following is best to use when determining the severity of a vulnerability?
CVSS, or Common Vulnerability Scoring System, is a standard method for assessing the severity of software vulnerabilities based on various metrics and factors. CVE, or Common Vulnerabilities and Exposures, is a list of publicly disclosed vulnerabilities, but does not provide a severity score. OSINT, or Open Source Intelligence, is the collection and analysis of publicly available information, which may or may not be relevant to a specific vulnerability. SOAR, or Security Orchestration, Automation and Response, is a set of tools and processes that automate and streamline security operations and incident response.