financial institution notices abnormal behavior in a workstation's operating system (OS) and identifies multiple unauthorized scheduled tasks and file system anomalies on the affected workstation.

Which of the following options is the MOST likely explanation for these issues?

A. The security analyst is experiencing false positives from their security tools, and there are no actual anomalies present.
B. The operating system of the workstation is outdated, and the security patches have not been applied, leading to system vulnerabilities that have been exploited.
C. An insider threat with access to the workstation is intentionally creating these abnormalities to sabotage the company's security posture.
D. A virus has infected the workstation, allowing remote attackers to execute arbitrary code and run malicious tasks.

D. A virus has infected the workstation, allowing remote attackers to execute arbitrary code and run malicious tasks.

Explanation
The abnormal OS process behavior, file system anomalies, and unauthorized scheduled tasks on the workstation are the classic footprint of a virus (malware) infection: malicious code has gained a foothold on the host, uses scheduled tasks to persist and to run further malicious tasks, and gives remote attackers the ability to execute arbitrary code. Scheduled tasks registered by an unexpected author, or whose action launches an executable from a user-writable directory, are the first thing to check.
Although outdated software and a lack of security patches (B) can create the vulnerabilities through which such malware arrives, missing patches are at most how the compromise happened; by themselves they do not produce the specific abnormalities identified on the workstation.
While insider threats (C) are a concern, it is less likely that an insider would create these specific abnormalities: they serve no clear purpose for sabotage and would invite detection.
False positives (A) are always a possibility, but the security analyst's investigation confirmed actual abnormalities on the workstation.
Which of the following is the EDR (Endpoint Detection and Response) component where data collected is stored and analyzed?

A. Data analysis engine
B. Honeypot
C. Endpoint acquisition point
D. Centralized security monitoring platform

D. Centralized security monitoring platform

Explanation
The centralized security monitoring platform is the component where the data collected by the EDR solution is both stored and analyzed, so it is the best match for the question.
An endpoint acquisition point is the device from which the platform acquires data, such as a desktop computer, laptop, or server, normally through an agent installed on it.
A data analysis engine is where the collected data is analyzed and contextualized for real-time or historical decision-making; it performs analysis but is not where the data is stored, which is why it is not the answer here.
A honeypot is a decoy system deliberately exposed so that attackers interact with it and security teams can observe their activity. It is a deception tool, not an EDR component.