TimSaysICan Training - CySA+ PBQ

CySA+ PBQ: Security Incident Controls

Identify malware details and map preventive controls to attack stages.

Scenario

Firewall alerts, a malware domain list, and file integrity monitoring point to a malicious download in a user profile. Select the incident details and controls that would reduce similar attacks.

Your task: Review the evidence and select the best analyst response for each field.

Evidence | Details
FIM report | Added file \\host1\users\user1\Downloads\invoice.exe at 12/1/19 14:03:55
Firewall alert | invoice.exe from 81.161.63.253 over TCP
Malware domain list | 81.161.63.253

Analyst Decisions

Instructor Answer