Halloween Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ac4s65

A security analyst notices a number of SIEM events that show the following activity:10/30/2020 -...

CompTIA CAS-005 Full Course Access
CompTIA CAS-005 View All Questions

A security analyst notices a number of SIEM events that show the following activity:

10/30/2020 - 8:01 UTC - 192.168.1.1 - sc stop HinDctend

10/30/2020 - 8:05 UTC - 192.168.1.2 - c:\program files\games\comptidcasp.exe

10/30/2020 - 8:07 UTC - 192.168.1.1 - c:\windows\system32\cmd.exe /c powershell

10/30/2020 - 8:07 UTC - 192.168.1.1 - powershell —> 40.90.23.154:443

Which of the following response actions should the analyst take first?

A.

Disable powershell.exe on all Microsoft Windows endpoints

B.

Restart Microsoft Windows Defender

C.

Configure the forward proxy to block 40.90.23.154

D.

Disable local administrator privileges on the endpoints

CAS-005 PDF/Engine
  • Printable Format
  • Value of Money
  • 100% Pass Assurance
  • Verified Answers
  • Researched by Industry Experts
  • Based on Real Exams Scenarios
  • 100% Real Questions
buy now CAS-005 pdf
Get 65% Discount on All Products, Use Coupon: "ac4s65"
Next
A company that relies on an COL system must keep it operating until a new...
A global manufacturing company has an internal application mat is critical to making products This...
Previous