CS0-003 Security Operations • Set 5
CS0-003 Security Operations Practice Test 5 — 15 questions with explanations. Free, no signup.
An EDR alert shows powershell.exe launched by winword.exe with an encoded command line and outbound HTTPS shortly after a user opened an email attachment. What is the BEST first analytic pivot? In the root-cause analysis phase, which finding would most directly explain the activity?