← SOC Analyst

// final assessment

Final Exam

12 scenario-based questions · Pass at 80% to earn your certificate

Question 1 of 12

A Suricata alert fires: 'ET MALWARE Cobalt Strike JA3 Match' — src: 10.1.3.44, dst: 91.213.50.5:443. Zeek conn.log shows duration=3601s, service=-, orig_bytes=2048, resp_bytes=89MB. ssl.log shows ja3=72a7c4de, server_name=cdn-update-services.net, validation_status=ok, cert issued 7 days ago. What is your assessment and what are your first three investigation pivots?