How would you triage a suspicious outbound DNS request?

Reference no: EM133361634

Assignment:

  1. How would you triage a suspicious outbound DNS request?
  2. Why would you get an alert from a previously blocked domain on the same device? And what level of the cyber kill chain will this attack fall under?
  3. You identified that an alert is at the Command-and-Control stage. How do you identify what malware was installed?
  4. Is there a recent investigation that you have done that you can work me through?
  5. How do you test the functionality of a network device?
  6. What are the ports and protocols engaged when you run a command ping? How does ping work on the network layer?
  7. How will an administrator block the ping command at the network layer?
  8. Could you tell me about an interesting incident you took part in? What was the incident? What was your role, and how was it resolved? I was thinking of using my network scenario here.
  9. You receive an alert for a server communicating with an IP with a malicious reputation. How do you approach the problem?
  10. You mentioned that as a Cybersecurity Analyst part of your job was providing mitigation strategies. Could you give me an example of some of the strategies that you have recommended or implemented?
  11. You receive an alert for a potentially malicious URL click made by a user. How would you investigate this? What steps would you take?
  12. What is your incident response experience? Can I give the 6 incident response steps here and an explanation?
  13. What is your ticket handling experience?
  14. What is your malware analysis experience?
  15. What is your experience with Raw Logs?
  16. What is your experience with Threat Intelligence?
  17. What was the most difficult alert you responded to and how did you respond to it? Can I use the scenario of the client refusing to block the IP, but after doing more research and involving the manager the IP was blocked?
  18. What are some of the different security events you have responded to?
  • What is your security tuning experience, if any? Explain if you have.
  • What is your engineering experience, if any?
  • Have you done PCAP analysis? If so, explain
  • What are you most proud of in your career so far?
  • How have you used Splunk in your environment? Give a detailed overview because this is the most used tool in my company.
  • Name 10 ports and protocols.

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd