A security analyst receives multiple reports from users on the corporate network. The users are all describing similar issues, including frequent, unexpected pop-up advertisements and sluggish system performance. What do these correlated events MOST likely represent?
Multiple, similar, and anomalous events reported across a network are a strong Indicator of Compromise (IoC). An IoC is forensic evidence that suggests a network or endpoint may have been breached. The scenario describes symptoms consistent with a widespread malware or adware infection, and treating these correlated reports as a single IoC is a crucial first step in incident detection and response. A network misconfiguration or a false positive from antivirus would typically manifest with different symptoms and is less likely to cause pop-up ads across multiple systems. A planned maintenance event would not typically involve these symptoms and would likely be communicated in advance.