SYO 701 EDR Module FC

60. A recent malware outbreak across a subnet included successful rootkit installations on many PCs, ensuring persistence by rendering remediation efforts ineffective. Which of the following would best detect the presence of a rootkit in the future?

98. A systems administrator receives the following alert from a file integrity monitoring tool:

• The hash of the cmd.exe file has changed.

• The systems administrator checks the OS logs and notices that no patches were applied in the last two months.

• Which of the following most likely occurred?

106. A security analyst and the management team are reviewing the organizational performance of a recent phishing campaign. The user click-through rate exceeded the acceptable risk threshold, and the management team wants to reduce the impact when a user clicks on a link in a phishing message. Which of the following should the analyst do?

114. 114. A security administrator needs a method to secure data in an environment that includes some form of checks so that the administrator can track any changes. Which of the following should the administrator set up to achieve this goal?

116. Which of the following can best protect against an employee inadvertently installing malware on a company system?

136. Which of the following is used to protect a computer from viruses, malware, and Trojans being installed and moving laterally across the network?

163. Which of the following actions could a security engineer take to ensure workstations and servers are properly monitored for unauthorized changes and software?

164. An administrator finds that all user workstations and servers are displaying a message that is associated with files containing an extension of .ryk. Which of the following types of infections is present on the systems?

168. Which of the following would be the best way to block unknown programs from executing?

170. A security analyst is reviewing alerts in the SIEM related to potential malicious network traffic coming from an employee's corporate laptop. The security analyst has determined that additional data about the executable running on the machine is necessary to continue the investigation. Which of the following logs should the analyst use as a data source?