The correct answer is Indicators of Compromise (IoCs). An IoC is a piece of forensic data or evidence that indicates a potential intrusion or security breach has occurred. In this scenario, the port scan, failed and successful logins, and the C2 traffic are all individual artifacts that, when collected, point to a system compromise. "A completed attack kill chain" is incorrect because while the events are part of a kill chain, the log entries themselves are the indicators or evidence, not the framework itself. The full chain may also not be complete. A "Lessons learned report" is a document created after an incident to improve future responses. A "Business Continuity Plan" is a strategic plan to maintain business operations during a disruption, not the technical evidence of a breach.