PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER · Question #34
The correct answers are B and D.
Question
Options
- A. Perform a UDM search across the logs for domains with geolocations that were first seen in the
- B. Perform a UDM search across the logs for domains with low prevalence that were first seen in the
- C. Perform a raw log search across the logs for domains with low prevalence that were first seen in
- D. Identify the domains with the higher normalized risk in Risk Analytics. Drill down into those
- E. Navigate to the IOC Matches page and filter based on domain type over the last 30 days. Look for
Explanation
Running a UDM search for low-prevalence domains first seen in the last 30 days helps uncover potentially anomalous or malicious domains, since attackers often use newly registered or rarely seen domains for C2 or exfiltration. Using the Risk Analytics dashboard allows you to identify domains with higher normalized risk scores. Drilling into those entities helps validate whether they are new, rare, or potentially tied to malicious activity.