An alert on user account activity outside of normal business hours returns Windows event IDs 540 and 4624. In which of the following locations will these events be found?
An incident responder suspects that a host behind a firewall is infected with malware. Which of the following should the responder use to find the IP address of the infected machine?
A SOC analyst has been tasked with checking all files in every employee home directory for any mention of a new product code named PitViper. Which of the following commands will return all requested data?
An attacker has sent malicious macro-enabled Office files. Which of the following regular expressions will return a list of macro-enabled files?
A security analyst would like to parse through several SQL logs for indicators of compromise. The analyst is aware that none of the fields should contain a string of text longer than 30 characters; however, the analyst is unaware if there are any implemented controls to prevent such an overflow. Which of the following BEST describes the regular expression the analyst should use to find any alphanumeric character string?