An analyst is investigating a phishing incident and has retrieved the following as part of the investigation:
cmd.exe /c c:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -WindowStyle Hidden -ExecutionPolicy Bypass -NoLogo -NoProfile -EncodedCommand < VERY LONG STRING >
Which of the following should the analyst use to gather more information about the purpose of this command?
A Chief Information Security Officer wants to lock down the users' ability to change applications that are installed on their Windows systems. Which of the following is the best enterprise-level solution?
A company discovers that its proprietary information is being sold on the dark web. A security analyst uses threat hunting to search for signs of compromise. After running a network packet capture tool, the analyst identifies millions of packets similar to the following:
Internet Protocol Version 4, src: 192.168.1.2, dst: 104.21.75.76
Internet Control Message Protocol
Type: 8 Echo request
Code: 0
Checksum: 0x34db [correct]
Sequence number: 3362
No response seen
Data: 64 bytes
Data payload: 0e1b586f3568s51578a2054af4459865b34857a05924b45824...
The analyst does not detect or identify any other abnormalities. Which of the following is most likely the malicious activity in this scenario?
An analyst has been asked to validate the potential risk of a new ransomware campaign that the Chief Financial Officer read about in the newspaper. The company is a manufacturer of a very small spring used in the newest fighter jet and is a critical piece of the supply chain for this aircraft. Which of the following would be the best threat intelligence source to learn about this new campaign?