
Question


Scenario
As a senior cybersecurity engineer for an organization, you review past incident reports involving the recovery of systems or applications from a backup image. You read a very recent after-action report (AAR) from one of the offices, summarizing the following incident:
"On June 20, 2022, at 1:55 P.M., finance department personnel reported that their web applications were no longer accessible. At 3:00 P.M., a system admin opens a VM console to the department's VM and finds it at the BSOD. The admin reboots the server resulting in no change. The security admin searches the stop error code and notates a possible security breach. The admin copies the VM to disk to isolate the data for further examination and restores the server at 4:00 P.M. from the previous night's backup image. The system admin confirmed the web services were running, and users confirmed that they could access services at 4:30 P.M."
You notice many ways to improve the response time to the incident. As you further analyze the AAR and various technical logs, you pinpoint multiple items discovered and list the source from which you found the items. You plan to educate the organization's security operations team on how to better utilize the various tools they have in place to detect and prevent similar breaches.
Instructions
Based on the scenario, match the source to the indicator of compromise (IoC).
Blank 1: A non-administrative account, added to an administrative AD group, triggered an alert.
Blank 2: Various nmap actions detected across multiple subnets.
Blank 3: Entry in the Windows Event Viewer indicates a log-on with new credentials that was allocated special privileges.
Blank 4: Employee testimony indicates that they may have witnessed a breach in progress.
Blank 5: Increased traffic across the network points to an attempted denial of service (DoS) attack.
Blank 6: Cryptographic hash of an important file no longer matches its known, accepted value.
Blank 7: An entry in the firewall log indicates a dropped connection intended for a blocked port.
Blank 8: An organization named 'Anonymous' has posted on social media that they are responsible for the attack.