CS0-003 Security Operations • Set 3
CS0-003 Security Operations Practice Test 3 — 15 questions with explanations. Free, no signup.
A host alert shows certutil.exe downloading a file from an external URL, followed by execution from a user-writable directory. What should the analyst focus on? In the evidence source phase, which evidence source best supports or refutes the detection?