Which of the following is an Indicator of Compromise (IOC)?


Multiple Choice

Explanation:
An Indicator of Compromise (IOC) is evidence that a security incident has occurred or is in progress. Seeing a known attacker IP address in your logs or network traffic is a prime IOC because it directly ties your environment to a malicious actor. When that IP appears contacting your network, it should trigger a deeper incident investigation, as it may indicate malware communication, unauthorized access, or data exfiltration. Keep in mind that a single IP address isn’t definitive proof on its own, but it’s a strong beacon when correlated with other signs like unusual outbound traffic, unexpected processes, or changes in files.

Routine software updates are expected, legitimate maintenance activity and don’t indicate a breach. A backup file is a recoverability asset, not a sign of compromise. A user password policy is a defensive control aimed at reducing risk, not evidence that an intrusion has occurred.

