Performance Based Question 01

Instructions: Read the Scenario below. Then, investigate and solve the three tickets.

Review each ticket thoroughly before answering the questions beneath it.

Scenario:

You are a SOC analyst for a medium-sized organization providing support to internal users via a ticketing system. There are currently three tickets requiring your review, assessment, and diagnosis. Each ticket includes details of the user's issues, and notes from the technicians to help you.

Most of the company's users do not have a deep understanding of cybersecurity. Therefore, it is important to review the description of their issues carefully, to get a detailed understanding of what is happening.

Security Ticket #2715
Ticket Status: Open

Date: 08th August 2025

Created by: James Howard

Job title: DevOps engineer

I received an email. I thought it was from Microsoft. It said I need to immediately download a software patch or my device would be highly vulnerable to attack. I downloaded and installed the patch, but since then, I've noticed my PC is running slower. It has frozen several times. I'm concerned there might be a virus. Sorry!

  • Updated: Notes (Tier 1 Support) - Found DNS (hosts file) to be misconfigured with malicious entries.

Security Ticket #2723
Ticket Status: Open

Date: 10th August 2025

Created by: Erin Harrison

Job title: Admin assistant

I just got a call from someone who said she was the Director of Human Resources. She was trying to get her attachment working but it was having trouble. I'm new here, and I wanted to make a good impression, so I agreed to help. She sent me an attachment she needed me to check. I opened it and there was nothing inside. I'm not sure if it's related, but ever since then, my computer reboots and I keep losing my work!

  • Updated: Notes (Tier 2 Support) - Found a script running in Scheduled Tasks that forces the computer to restart.
  • Updated: Notes (Tier 1 Support) - Nothing found, escalating to T2 support.

Security Ticket #2728
Ticket Status: Open

Date: 10th August 2025

Created by: Michaela Carmody

Job title: Chief Executive Officer (CEO)

Hello - Chief Executive here. Just got an email that appeared to be from one of our business partners, Good Guy Consulting. We have dealt with them many times before. They referred to a recent conference where they met our Chief Financial Officer, Miss Jefferson. It said there was a bill that we needed to pay and they wanted to reach out to me directly to sort this out. This is a common request, so I gave the necessary authorization to make the payment and sent them $22,000. But now I'm having second thoughts. Was the payment I sent legitimate? HELP!

  • Updated: Notes (Tier 1 Support) - Looked at email message - the sender address is <x9283nb9a@go0dguyhconsulting.com (Good Guy Consulting)>.

Question 1 of 9

Select ONE answer. What is your diagnosis for Security Ticket #2715?

Question 2 of 9

Select ONE answer. Based on the information in Security Ticket #2715, what is the BEST description for the adversary tactic used?

Question 3 of 9

Select ONE answer. What mitigation would you recommend to resolve Security Ticket #2715?

Question 4 of 9

Select ONE answer. What is your diagnosis for Security Ticket #2723?

Question 5 of 9

Select ONE answer. Based on the information in Security Ticket #2723, what is the BEST description for the adversary tactic used?

Question 6 of 9

Select ONE answer. What mitigation would you recommend to resolve Security Ticket #2723?

Question 7 of 9

Select ONE answer. What is your diagnosis for Security Ticket #2728?

Question 8 of 9

Select ONE answer. Based on the information in Security Ticket #2728, what is the BEST description for the adversary tactic used?

Question 9 of 9

Select ONE answer. What mitigation would you recommend to resolve Security Ticket #2728?