Which items are considered common indicators of compromise (IOCs) and how are they used?

Multiple Choice

Which items are considered common indicators of compromise (IOCs) and how are they used?

Explanation:
IOCs are observable artifacts that indicate malicious activity and help security teams detect, investigate, and respond to threats. The items listed as common IOCs—file hashes, IP addresses, domains, and YARA rules—represent different ways to recognize malicious activity across environments.

File hashes provide a unique fingerprint for known malware files; when a file’s hash matches a database of malicious hashes, you can quickly flag, quarantine, or investigate that artifact. IP addresses and domains point to attacker infrastructure; detecting traffic to these destinations in network or endpoint logs can trigger alerts, prompt containment actions, or guide deeper investigation. YARA rules describe patterns found in files—specific strings, byte sequences, or structural features—so scanners can flag suspicious files across a fleet, enabling rapid triage and classification of threats. Together, these IOCs give security systems concrete signals to detect threats, guide rule-based detections, and support incident response and threat hunting.

Password and user ID credentials are related to breaches but aren’t typically used as general, automated IOCs for detection in isolation. CPU usage metrics are behavioral indicators, not specific observable artifacts of a known threat. Hardware serial numbers are identifiers of devices rather than indicators of compromise by themselves.
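The explanation above describes three matching styles (hash lookup, infrastructure lookup in logs, and YARA pattern rules). The following is an added example, not part of the original question page: a small Python triage script that applies all three to constructed inputs. The IOC feed, the sample binary, the log lines, the documentation-range IP `203.0.113.45` and the domain `c2.example.net` are all made up for the demonstration, and the rule matcher is a simplified stand-in for the YARA engine (it is not the `yara-python` library). It also shows the point the explanation implies: a hash only catches the exact file it was computed from, while a pattern rule still fires on a modified variant.

```python
import hashlib
import re

# Constructed "malicious" sample and IOC feed (sample values, not real intelligence).
MALICIOUS_SAMPLE = b"MZ\x90\x00" + b"evil-loader-v1" + b"\x00" * 16
IOC_FEED = {
    "sha256": {hashlib.sha256(MALICIOUS_SAMPLE).hexdigest()},  # fingerprint of the known sample
    "ipv4": {"203.0.113.45"},        # constructed C2 address (TEST-NET-3 documentation range)
    "domains": {"c2.example.net"},   # constructed C2 domain (reserved example TLD)
}

# Simplified YARA-style rule: named string patterns plus an "any"/"all" condition.
# Stand-in for YARA syntax; a real deployment would compile rules with yara-python.
LOADER_RULE = {
    "name": "constructed_loader_rule",
    "strings": {"$mz": b"MZ", "$tag": b"evil-loader-v"},
    "condition": "all",
}

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


def match_hash(data: bytes, feed=IOC_FEED):
    """Return the SHA-256 hex digest if it is on the feed, else None."""
    digest = hashlib.sha256(data).hexdigest()
    return digest if digest in feed["sha256"] else None


def match_rule(data: bytes, rule=LOADER_RULE):
    """Return the names of matching strings if the rule's condition holds, else []."""
    present = {name: (pat in data) for name, pat in rule["strings"].items()}
    cond = all if rule["condition"] == "all" else any
    return [name for name, hit in present.items() if hit] if cond(present.values()) else []


def scan_log_lines(lines, feed=IOC_FEED):
    """Return (line_no, ioc_type, value) for every feed IP or domain seen in the logs."""
    alerts = []
    for n, line in enumerate(lines, 1):
        for ip in IPV4_RE.findall(line):
            if ip in feed["ipv4"]:
                alerts.append((n, "ipv4", ip))
        for dom in DOMAIN_RE.findall(line):
            if dom.lower() in feed["domains"]:
                alerts.append((n, "domain", dom.lower()))
    return alerts


# Constructed log lines: one benign proxy entry, one DNS query, one firewall entry.
SAMPLE_LOGS = [
    "2024-05-01T10:00:01Z proxy src=10.0.0.5 dst=198.51.100.7 host=www.example.com status=200",
    "2024-05-01T10:00:09Z dns client=10.0.0.5 query=c2.example.net type=A",
    "2024-05-01T10:00:10Z fw action=allow src=10.0.0.5 dst=203.0.113.45 dport=443",
]


def triage(files, logs):
    """Combine the three IOC checks into one report for an analyst."""
    return {
        "hash_hits": [name for name, data in files.items() if match_hash(data)],
        "rule_hits": [name for name, data in files.items() if match_rule(data)],
        "log_alerts": scan_log_lines(logs),
    }


if __name__ == "__main__":
    # A recompiled variant: the hash no longer matches, but the rule still does.
    variant = b"MZ\x90\x00" + b"evil-loader-v2" + b"\x00" * 8
    report = triage({"sample.bin": MALICIOUS_SAMPLE, "variant.bin": variant}, SAMPLE_LOGS)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Running the script shows `hash_hits` containing only `sample.bin`, `rule_hits` containing both files, and two log alerts (the DNS query for the feed domain and the firewall entry to the feed IP). That gap between the hash and rule columns is why feeds carry YARA rules alongside hashes.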
