PROFESSIONAL-SECURITY-OPERATIONS-ENGINEER Question #88: Real Exam Question with Answer & Explanation
Question
Options
- A. Perform a YARA-L 2.0 search to correlate activity across impacted systems and users.
- B. Perform a raw log search for the suspicious domain string, and manually pivot to related user
- C. Use the User Sign-In Overview dashboard to monitor authentication trends and anomalies across
- D. Use the Behavioral Analytics dashboard in Risk Analytics to identify abnormal IP-based activity
Explanation
The correct answer is A. A YARA-L 2.0 rule, run as a search or as a retrohunt over the incident window, expresses the whole attack chain in one query: a PowerShell process launch, an outbound connection to the suspicious domain, and the user who was active, all joined on shared match variables such as hostname and user ID. The result is the set of hosts and identities that show the complete chain, together with the events that matched, which is exactly what is needed to name the malicious user and bound the scope of the compromise. A raw log search for the domain string (B) returns only the network events and leaves the pivot to users and processes as manual work on every affected host. The User Sign-In Overview dashboard (C) and the Behavioral Analytics dashboard in Risk Analytics (D) show authentication trends and anomalous IP-based activity across the environment; they are useful for spotting outliers, but they do not tie a specific user to the PowerShell executions and outbound connections of this incident.
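The following YARA-L 2.0 rule is an added example written for this page; it is not part of the exam question or Google's documentation. It shows the correlation the explanation describes: a PowerShell launch and an outbound connection to the suspicious domain from the same host and user inside a one-hour window. The domain `suspicious.example` is a placeholder for the domain from the alert, and the UDM field choices (`target.hostname` for the destination, `principal.user.userid` for the user) are assumptions that depend on how your log sources are parsed.

```yaral
rule powershell_to_suspicious_domain_by_user {
  meta:
    author = "added example, not from the original page"
    description = "Correlate PowerShell launches with outbound connections to a suspicious domain, keyed by host and user"
    severity = "HIGH"

  events:
    // Event 1: a PowerShell process launch; capture host and user as match variables
    $proc.metadata.event_type = "PROCESS_LAUNCH"
    re.regex($proc.principal.process.file.full_path, `(?i)powershell(_ise)?\.exe$`)
    $proc.principal.hostname = $host
    $proc.principal.user.userid = $user

    // Event 2: an outbound connection to the suspicious domain from the same host and user
    // "suspicious.example" is a placeholder; substitute the domain from the alert.
    // Assumption: the parser populates target.hostname; some sources only populate
    // network.dns.questions.name on NETWORK_DNS events, so check the field first.
    $net.metadata.event_type = "NETWORK_CONNECTION"
    $net.target.hostname = "suspicious.example"
    $net.principal.hostname = $host
    $net.principal.user.userid = $user

  match:
    // One detection per host/user pair that shows both events within an hour
    $host, $user over 1h

  outcome:
    $risk_score = 85
    $powershell_launches = count($proc.metadata.id)
    $connections = count($net.metadata.id)
    $first_seen = min($proc.metadata.event_timestamp.seconds)

  condition:
    // Both halves of the chain must be present for the same $host and $user
    $proc and $net
}
```

Before relying on the result, confirm with a plain UDM search that the domain actually appears in `target.hostname` for your network log source; if it only appears in DNS events, change the second event to `metadata.event_type = "NETWORK_DNS"` and match on `network.dns.questions.name`. Running the rule as a retrohunt over the incident window then returns one detection per affected host and user, which is the scope list the question is after.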