
XSIAM-ANALYST · Question #41

XSIAM-ANALYST Question #41: Real Exam Question with Answer & Explanation

The correct answer is B (There is an indicator of defense evasion) and C (Possible credential access tactic). See the full explanation below for the reasoning.

Question

An alert involves credential dumping. Reviewing the causality chain, you notice the following:

  • lsass.exe is accessed by powershell.exe
  • Prior to this, cmd.exe launched the PowerShell script

What can you infer?

Options

  • A. Scripted behavior likely launched manually
  • B. There is an indicator of defense evasion
  • C. Possible credential access tactic
  • D. It's a known benign service activity
