Question 9 of 10

Your threat hunting team discovers evidence suggesting that an APT group has been present in your network for several months. The initial finding is a suspicious scheduled task on a domain controller that executes an encoded PowerShell script. Walk through your complete investigation and response strategy, from initial discovery through containment, eradication, and post-incident intelligence production.

Sample answer preview

Discovering a potential APT presence on a domain controller is a critical situation that demands a methodical, intelligence-informed investigation strategy. The response must balance the urgency of containment with the need to fully understand the scope of compromise before…

Tags: apt-investigation, memory-forensics, lateral-movement, golden-ticket, credential-harvesting, c2-communication
