Question: You are a security analyst working for Alpha Security Services. Beta Financial Services, it seems, has encountered more suspicious activity on their network. They have

You are a security analyst working for Alpha Security Services. Beta Financial Services, it seems, has encountered more suspicious activity on their network. They have again collected detailed log files from their systems and have sent them to your team for analysis.
Analyze the attached log file, and answer the following questions.
Log2.evtxDownload Log2.evtx
Question at position 1
1
1 point
Question at position 1
Which windows program is the image (or parent image) used to run all of the commands?
Question Blank 1 of 1
type your answer...
Question at position 2
2
1 point
Question at position 2
Which account is hijacked in the attack?
Question Blank 1 of 1
type your answer...
Question at position 3
3
1 point
Question at position 3
What flag was used in the PowerShell command to avoid execution policies in EventID 10662?
Question Blank 1 of 1
type your answer...
Question at position 4
4
1 point
Question at position 4
Which windows executable is used to run the PowerShell command?
Question Blank 1 of 1
type your answer...
Question at position 5
5
1 point
Question at position 5
EventID 10662 contains a lengthy command. In what encoding language is that command written in?
Question Blank 1 of 1
type your answer...
Question at position 6
6
1 point
Question at position 6
Decode the lengthy command using any tool you can find. What is the suspicious file referenced in the command? (Decode using the command-line or any web tool)
Question Blank 1 of 1
type your answer...
Question at position 7
7
1 point
Question at position 7
This command utilizes a delay, possibly to avoid detection or to ensure that certain conditions are met before the full program is run. How many seconds is the delay?
Question Blank 1 of 1
type your answer...
Question at position 8
8
1 point
Question at position 8
What technique is utilized to make this command more difficult to understand?
What technique is utilized to make this command more difficult to understand?
Confusion
Obfuscation
Garbling
Hiding
Question at position 9
9
1 point
Question at position 9
Which Mitre ATT&CK tactic does this event log most likely demonstrate?
Which Mitre ATT&CK tactic does this event log most likely demonstrate?
Initial Access
Persistence
Lateral Movement
Execution

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer
Step: 1 Unlock blur-text-image
Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock
Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

Q:

You are a security analyst working for Alpha Security Services. Recently, one of your clients, Beta Financial Services, has encountered some suspicious activity on their network. As part of their...

Q:

Please help me answer this question Background Veronese 81 Tiffany Inc. is a medium-sized business located in Elmira, Ontario. It sells designerjewelry to specialty stores through Canada as well as...

Q:

1. Which of the following principles describes how a security analyst should communicate during an incident? A. The communication should be limited to trusted parties only. B. The communication...

Q:

There are two problems due this week (each worth 35 points) as follows. Case 5-1David L. Miller: Portrait of a White-Collar Criminal (page 144). In comprehensive paragraphs, answerrequirements 1?6....

Q:

What are the main objectives of the financial policy that Rajat Singh must recommend to Deluxe Corporations board of directors? Deluxe Corporation reflecting on the neously, the repurchases, and the...

Q:

What should Singh recommend regarding: the target bond rating the level of flexibility or reserves the mix of debt and equity any other issues you believe should be brought to the attention of the...

Q:

Drawing on the financial ratios in case Exhibit 6, how much debt could Deluxe borrow at each rating level? What capitalization ratios would result from the borrowings implied by each rating category?...

Q:

GRADUATE CERTIFICATE IN PROJECT MANAGEMENT PROJ5010: PROJECT PROCUREMENT AND STRATEGIC SOURCING. CASE STUDIES CONTENTS 1. Proj5010: The World Bank RFP Case Study covers 1. Assignment 1: Marks = 5 2....

Q:

PROJECT SCOPE [Instructions for what to include in this section: Define the scope of work that will be undertaken to provide the deliverable(s) mentioned in the Project Charter (PC). Craft this...

Q:

Hi- Please take a look at the attached Word document for detailed requirements on an 8-page evaluation. Let me know what you think, and we can discuss price, plus a healthy tip. Task: (1) The...

Q:

You purchased 500 shares of Johnson & Johnson (JNJ) last March at $140 per share. Since then, it paid a $4 per share dividend. You have just decided to sell all your shares at the current stock...

Q:

Networking issues such as bandwidth limitation and latency are primary concerns when connecting corporate users and/or Internet users to a cloud network infrastructure. What is/are the factor(s) that...

Q:

An 1 8 - ycar T - bond can be stripped into how many separate securities ? a . 1 9 b . 3 7 c . 3 4 d . 3 6 e . 1 8

Q:

Seved Help 14 Wisconsin Snowmobile Corp. is considering a switch to level production Cost efficiencies would occur under level production, and aftertax costs would decline by $31,500, but inventory...

Q:

14-2 What methods can be used for selecting and evaluating information systems projects and aligning them with the firms business goals?

Q:

14-3 How can firms assess the business value of information systems?

Q:

14-1 What are the objectives of project management, and why is it so essential in developing information systems?