SECOPS-PRO Question #70: Real Exam Question with Answer & Explanation
Question
During an incident response engagement, a forensic investigator discovers a persistent threat actor using a custom command-and-control (C2) protocol over port 53 (DNS). The existing SIEM logs show only generic DNS queries. To gain a comprehensive understanding of the adversary's TTPs (Tactics, Techniques, and Procedures), including their C2 infrastructure, exploit development, and motivation, and to proactively block future attacks, which combination of resources would be most beneficial?
Options
- A. VirusTotal for file hash lookups and open-source intelligence blogs for general threat trends.
- B. WildFire for malware detonation and real-time signature generation, coupled with extensive Unit
- C. Passive DNS reconnaissance and WHOIS lookups for the C2 domains.
- D. Employing a commercial Endpoint Detection and Response (EDR) solution without integrating
- E. Deep packet inspection of all network traffic and manual reverse engineering of all suspicious