CS0-003 Question #362: Real Exam Question with Answer & Explanation
Question
SIMULATION

A company recently experienced a security incident. The security team has determined a user clicked on a link embedded in a phishing email that was sent to the entire company. The link resulted in a malware download, which was subsequently installed and run.

INSTRUCTIONS

Part 1
Review the artifacts associated with the security incident. Identify the name of the malware, the malicious IP address, and the date and time when the malware executable entered the organization.

Part 2
Review the kill chain items and select an appropriate control for each that would improve the security posture of the organization and would have helped to prevent this incident from occurring. Each control may only be used once, and not all controls will be used.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Artifacts:
- Firewall log
- File Integrity Monitoring Report
- Malware domain list
- Vulnerability Scan Report
- Phishing Email

Answer:

Kill Chain Item:
- Phishing email - Email filtering
- Active links - VPN
- Malicious website access - IP blocklist
- Malware download - Firewall file type filter
- Malware install - Restricted local user permissions
- Malware execution - Updated antivirus
- File encryption - Backups

Identify the following:
- Malicious executable - Payroll.xlsx
- Malicious IP Address - 81.161.63.103
- Date/time malware entered organization - 1 Dec 2019 14:03:19