In a conversation with a colleague you are asked to give them an idea of what type of monitor source you would use for each attack stage.
Would this be a correct correlation? (For “Command and Control” you can monitor DNS through AMON on the Aruba Mobility Controllers.)
You are deploying a new IntroSpect Packet Processor in your data center. It is not communicating with the analyzer in the same data center. You think that you have entered the host name of the analyzer incorrectly while bootstrapping the packet processor. Would this be a logical next step? (Clear out the bootstrap data and restart the system. After the restart, rerun the bootstrap.)
While investigating alerts in the Analyzer you notice a host desktop with a low risk score has been sendingregular emails from an internal account to the same external account. Upon investigation you see that theemails all have attachments. Would this be correct assessment of the situation? (This desktop should beadded to a watch list and audited for a time to determine if this is real threat activity.)
Refer to the exhibit.
You are logged into the IntroSpect and have navigated to the Alerts list. You are trying to filter the alerts to show all malware alerts for users. Is this a correct search query? (alertcategory:malware* AND username:any)
Copyright © 2014-2024 CertsTopics. All Rights Reserved
