Which type of indicators are obtained from data extracted from a security incident, such as hash values and regular expressions?

Multiple Choice

Which type of indicators are obtained from data extracted from a security incident, such as hash values and regular expressions?

Explanation:
Indicators that come from a security incident are often discrete, individual data points used to identify or confirm malicious activity. These are atomic indicators: each item stands on its own and can be used directly for detection or containment. Hash values are classic examples because they uniquely identify a file, and regular-expression matches yield specific strings or tokens that point to artifacts discovered during the incident. Together, they represent raw pieces of evidence you can match across systems and logs.

Behavioral indicators describe patterns of activity over time (such as beaconing or unusual login behavior) rather than a single data artifact. Computed indicators are derived or composite, created by combining multiple data points into a new metric. Host-based indicators refer to artifacts tied to a particular host. The question’s examples, hash values and regex-derived data, are best categorized as atomic indicators.
