A SOC analyst is investigating a recent email delivered to a high-value user for a customer whose network their organization monitors. The email includes a suspicious attachment titled "Invoice RE: 0004489". The hash of the file is gathered from the Cisco Email Security Appliance. After searching Open Source Intelligence, no available history of this hash is found anywhere on the web. What is the next step in analyzing this attachment to allow the analyst to gather indicators of compromise?
A) Run and analyze the DLP Incident Summary Report from the Email Security Appliance
B) Ask the company to execute the payload for real time analysis
C) Investigate further in open source repositories using YARA to find matches
D) Obtain a copy of the file for detonation in a sandbox
Correct Answer:
Verified
Q39: What is a principle of Infrastructure as
Q40: Where do threat intelligence tools search for
Q41: Q42: A SOC analyst is notified by the Q43: Employees report computer system crashes within the Q45: A Mac laptop user notices that several Q46: An engineer has created a bash script Q47: What is the purpose of hardening systems? Q48: A threat actor has crafted and sent Q49: An engineer is developing an application that
A)
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents