Your company experienced a phishing attack last month. Now, the IT team is meeting to discuss what went well and what could be improved in future incidents. What phase of incident response is this?

A cybercriminal creates a fake invoice with hidden malware and emails it to a company employee. This action is part of which stage in the Cyber Kill Chain?

You want to set up a system that can automatically block IP addresses when threats are detected and pull data from threat intelligence feeds. What solution is best for this?

You're troubleshooting a Linux server and want to capture real-time network packets to analyze strange traffic. What command-line tool should you use?

You receive an email that looks like it’s from your company's CEO, but your DNS security shows the sender’s IP is not part of the company’s authorized email servers. What is the most likely issue?

Your team is analyzing a cyber attack. They create a chart that connects the attacker, tools used, network, and victim. What model are they using?

You notice that a user’s machine is making regular connections to an external IP address every 5 minutes. What is this behavior called?