CySA+ Warm-up

NetFlow data is best for identifying lateral movement as it captures detailed information about network traffic flows, allowing detection of unusual internal communications that indicate lateral movement within a network.

Asset value is crucial for vulnerability prioritization as it helps determine the potential impact of a vulnerability on critical assets. Higher asset value means prioritizing vulnerabilities that could cause significant harm.

The first step after detecting ransomware is to isolate systems. This prevents the malware from spreading to other devices and helps contain the threat, allowing for a more effective response and recovery process.

Impossible travel is the best indicator of credential misuse as it suggests that a user has logged in from two geographically distant locations in a short time, which is highly unlikely and indicates potential unauthorized access.

Relevance is key to making threat intel actionable, as it ensures the information is pertinent to the specific context or threat landscape, allowing organizations to prioritize and respond effectively.

A memory dump captures the entire state of a system's RAM, providing critical information about running processes, open files, and system activity, making it the most reliable forensic evidence compared to other options.

UEBA (User and Entity Behavior Analytics) focuses on behavior baselining to identify anomalies in user and entity activities, making 'Behavior baselining' the correct choice. Other options do not align with UEBA's primary purpose.

Tuning rules helps reduce false positives by adjusting the criteria for alerts, making them more accurate. Ignoring alerts or disabling tools can lead to missed threats, while adding signatures may not address the root cause.

MITRE ATT&CK is primarily used for threat modeling as it provides a comprehensive framework to understand adversary tactics and techniques, helping organizations identify and prioritize threats effectively.

Risk is defined as the product of likelihood and impact. It considers both the chance of an event occurring and the consequences if it does, making 'Likelihood × impact' the correct choice.