← SOC Analyst
// final assessment
Final Exam
12 scenario-based questions · Pass at 80% to earn your certificate
Question 1 of 12
A Suricata alert fires: 'ET MALWARE Cobalt Strike JA3 Match' — src: 10.1.3.44, dst: 91.213.50.5:443. Zeek conn.log shows duration=3601s, service=-, orig_bytes=2048, resp_bytes=89MB. ssl.log shows ja3=72a7c4de, server_name=cdn-update-services.net, validation_status=ok, cert issued 7 days ago. What is your assessment and what are your first three investigation pivots?