## Scenario
A security analyst reviews several alerts from email security, web application logs, identity logs, and endpoint protection. Management wants the best immediate mitigation for each issue.
Your task: Match each symptom to the threat type or mitigation.
| Evidence | Source |
|---|---|
| Fake vendor invoice from a look-alike executive address | Email gateway |
| Login from Chicago and Tokyo within 20 minutes | Identity provider |
| Database error after apostrophe in login field | Web app log |
## Controls

## Instructor Answer
- Business email compromise uses impersonation to trigger payments or data release.
- Text-message phishing is smishing.
- Database query manipulation through input is SQL injection.
- Impossible travel can indicate credential compromise.
- Encrypted files plus a payment demand point to ransomware.
- Segmentation limits lateral movement.
- An application allow list blocks unapproved software from running.
- Default passwords should be changed during hardening.