Scenario
Firewall alerts, a malware domain list, and file integrity monitoring point to a malicious download in a user profile. Select the incident details and controls that would reduce similar attacks.
Your task: Review the evidence and select the best analyst response for each field.
| Evidence | Details |
|---|---|
| FIM report | Added file \\host1\users\user1\Downloads\invoice.exe at 12/1/19 14:03:55 |
| Firewall alert | invoice.exe from 81.161.63.253 over TCP |
| Malware domain list | 81.161.63.253 |
Analyst Decisions
Instructor Answer
- invoice.exe is named in both the FIM report and the firewall alert.
- 81.161.63.253 appears in both the firewall alert and the malware list.
- The FIM timestamp identifies when the file appeared.
- Email filtering, plain-text email, restricted local permissions, and IP blocklists each reduce a different part of the attack path.
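The correlation the answer key describes, as an added example that is not part of the scenario or its answer key: the FIM entry and firewall alert are joined on file name, and the source IP is checked against the malware domain list. The evidence strings are constructed from the table above; the regexes assume the formats shown there.

```python
import re
from datetime import datetime

# Constructed evidence modelled on the scenario table (sample data, not a live feed).
FIM_REPORT = r"Added file \\host1\users\user1\Downloads\invoice.exe at 12/1/19 14:03:55"
FIREWALL_ALERT = "invoice.exe from 81.161.63.253 over TCP"
MALWARE_DOMAIN_LIST = {"81.161.63.253"}

# Formats assumed from the table: "Added file <unc path> at M/D/YY HH:MM:SS"
FIM_RE = re.compile(r"^Added file (?P<path>\S+) at (?P<ts>\d{1,2}/\d{1,2}/\d{2} \d{2}:\d{2}:\d{2})$")
# and "<file> from <ipv4> over <protocol>"
FW_RE = re.compile(r"^(?P<file>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) over (?P<proto>\w+)$")


def parse_fim(line):
    """Return (unc_path, file_name, timestamp) from a FIM 'Added file' entry, or None."""
    m = FIM_RE.match(line)
    if not m:
        return None
    path = m.group("path")
    name = path.rsplit("\\", 1)[-1]          # last component of the UNC path
    ts = datetime.strptime(m.group("ts"), "%m/%d/%y %H:%M:%S")
    return path, name, ts


def parse_firewall(line):
    """Return (file_name, source_ip, protocol) from a firewall alert, or None."""
    m = FW_RE.match(line)
    if not m:
        return None
    return m.group("file"), m.group("ip"), m.group("proto")


def correlate(fim_line, fw_line, blocklist):
    """Join FIM and firewall evidence on file name; flag the IP if it is on the blocklist."""
    fim, fw = parse_fim(fim_line), parse_firewall(fw_line)
    if fim is None or fw is None:
        return None
    path, fim_name, first_seen = fim
    fw_name, src_ip, proto = fw
    if fim_name.lower() != fw_name.lower():
        return None                            # different files: do not link the alerts
    return {
        "file": fim_name,
        "path": path,
        "source_ip": src_ip,
        "protocol": proto,
        "first_seen": first_seen.isoformat(),  # FIM timestamp dates the download
        "ip_on_blocklist": src_ip in blocklist,
    }
```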