A security analyst is reviewing the following alert that was triggered by FIM on a critical system:
Which of the following best describes the suspicious activity that is occurring?
Which of the following would a security analyst most likely use to compare TTPs between different known adversaries of an organization?
A web application team notifies a SOC analyst that there are thousands of HTTP/404 events on the public-facing web server. Which of the following is the next step for the analyst to take?
An analyst is trying to capture anomalous traffic from a compromised host. Which of the following are the best tools for achieving this objective? (Select two).