Question 9 of 10 (Pro Only)

You are investigating an incident where the attacker appears to have used multiple techniques simultaneously: a phishing email to gain initial access, PowerShell for execution, Mimikatz for credential dumping, and PsExec for lateral movement. How do you structure your investigation to cover all of these attack vectors, and how do you determine the full blast radius?

Sample answer preview

A multi-vector attack like this represents a full attack chain, and structuring the investigation properly is essential to ensure nothing is missed. My approach would organize the investigation around each phase of the attack while maintaining a holistic view of how they…
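To make the phase-by-phase structure concrete, here is an added example (not part of the page or its sample answer) that maps normalised log records for the four vectors in the question to ATT&CK phases, builds a timeline, and derives the blast radius, including accounts exposed on any host where LSASS was read. The event format, the rule table and the constructed sample events are all assumptions made for this illustration.

```python
from collections import defaultdict

# Constructed sample events (not real telemetry), as a hypothetical log pipeline might normalise them.
EVENTS = [
    {"ts": "09:01", "host": "WS-01", "user": "alice", "src": "mail", "detail": "attachment invoice.docm opened"},
    {"ts": "09:03", "host": "WS-01", "user": "alice", "src": "ps_4104", "detail": "IEX (New-Object Net.WebClient).DownloadString(...)"},
    {"ts": "09:05", "host": "WS-01", "user": "admin_it", "src": "sec_4624", "detail": "logon type 10 (remote helpdesk session)"},
    {"ts": "09:10", "host": "WS-01", "user": "alice", "src": "sysmon_10", "detail": "target lsass.exe access 0x1010"},
    {"ts": "09:12", "host": "SRV-DB", "user": "admin_it", "src": "sec_7045", "detail": "service PSEXESVC installed"},
    {"ts": "09:20", "host": "SRV-FS", "user": "admin_it", "src": "sec_7045", "detail": "service PSEXESVC installed"},
    {"ts": "09:25", "host": "WS-07", "user": "bob", "src": "ps_4104", "detail": "Get-ChildItem C:\\Users"},  # benign noise
]

# Assumed rule table: (log source, substring of detail) -> (ATT&CK tactic, technique id).
RULES = [
    ("mail", ".docm", ("Initial Access", "T1566.001")),          # spearphishing attachment
    ("ps_4104", "DownloadString", ("Execution", "T1059.001")),   # PowerShell script block logging
    ("sysmon_10", "lsass.exe", ("Credential Access", "T1003.001")),  # LSASS memory access (Mimikatz-style)
    ("sec_7045", "PSEXESVC", ("Lateral Movement", "T1569.002")),  # PsExec service install on the target
]

def classify(event):
    """Return (tactic, technique) for an event that matches a rule, else None."""
    for src, needle, mapping in RULES:
        if event["src"] == src and needle in event["detail"]:
            return mapping
    return None

def timeline(events):
    """Phase-ordered view of the attack chain: every classified event, sorted by time."""
    rows = [(e["ts"], e["host"], e["user"], *m) for e in events if (m := classify(e))]
    return sorted(rows)

def blast_radius(events):
    """Hosts and accounts touched per phase, widened by credential exposure."""
    by_phase, hosts, accounts = defaultdict(set), set(), set()
    for e in events:
        m = classify(e)
        if m:
            by_phase[m[0]].add(e["host"]); hosts.add(e["host"]); accounts.add(e["user"])
    # Any account that logged on to a host where LSASS was read must be treated as compromised,
    # even if it never appears in an attacker action itself.
    dumped = by_phase.get("Credential Access", set())
    exposed = {e["user"] for e in events if e["host"] in dumped}
    return {"hosts": hosts, "accounts": accounts | exposed, "by_phase": dict(by_phase)}
```

On the sample data the benign PowerShell activity on WS-07 is left out, while admin_it is pulled into the radius because its session was live on WS-01 when LSASS was accessed.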

Tags: multi-vector attack, MITRE ATT&CK mapping, blast radius, Mimikatz, PsExec, PowerShell logging
