
Cybersecurity Analyst Question Bank
Question 1: Ransomware Attack — Live Incident Response

Difficulty: Elite | Role: Cybersecurity Analyst / Incident Responder | Level: Senior / Staff | Company Examples: CrowdStrike, Palo Alto Networks, Microsoft, Mandiant

The Question

At 6:14am on a Monday, your SOC receives an alert from CrowdStrike Falcon: 47 endpoints across 3 office locations have had their files encrypted with a .locked extension. The attackers have left a ransom note demanding $2.3M in Bitcoin within 72 hours, threatening to publish exfiltrated data on a leak site if payment is not made. Active Directory shows 3 domain admin accounts were used to push the ransomware via GPO 4 hours ago. Your backups are on a NAS device in the same network segment.

You are the incident commander. Walk through your immediate containment strategy, forensic preservation approach, ransom decision framework, and the 30-day recovery plan.

What Is This Question Testing?

Risk assessment — understanding that the 72-hour deadline is a psycho
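Before any containment order goes out, an incident commander needs the blast radius in numbers: which hosts wrote .locked files, at which sites, when encryption started, whether the backup NAS is among the victims, and which admin accounts touched GPOs in the window before that. The script below is an added example (not part of the question bank and not CrowdStrike or Microsoft tooling); the event records, hostnames, site codes and account names are constructed for illustration.

```python
from collections import defaultdict

# Constructed EDR file-write events (made up for this example, not real Falcon output):
# (utc_timestamp, hostname, site, process, path). ISO-8601 Zulu strings sort lexically.
FILE_EVENTS = [
    ("2024-03-04T02:12:40Z", "WS-NYC-014",    "NYC", "enc.exe",     r"C:\Users\a\report.docx.locked"),
    ("2024-03-04T02:12:41Z", "WS-NYC-014",    "NYC", "enc.exe",     r"C:\Users\a\budget.xlsx.locked"),
    ("2024-03-04T02:13:02Z", "WS-LON-003",    "LON", "enc.exe",     r"C:\Users\b\notes.txt.locked"),
    ("2024-03-04T02:15:30Z", "WS-SFO-021",    "SFO", "enc.exe",     r"D:\share\q1.pptx.locked"),
    ("2024-03-04T02:16:00Z", "NAS-BACKUP-01", "NYC", "smbd",        "/backups/vol1/db.bak.locked"),
    ("2024-03-04T02:20:12Z", "WS-LON-009",    "LON", "outlook.exe", r"C:\Users\c\mail.pst"),  # benign
]
# Constructed AD audit records for GPO changes: (utc_timestamp, account, action, gpo_name)
GPO_EVENTS = [
    ("2024-03-03T22:05:11Z", "CORP\\da-backup", "GPO_MODIFIED", "Default Domain Policy"),
    ("2024-03-03T22:07:48Z", "CORP\\da-jsmith", "GPO_MODIFIED", "Default Domain Policy"),
    ("2024-03-03T22:09:03Z", "CORP\\da-svc01",  "GPO_LINKED",   "Default Domain Policy"),
    ("2024-03-01T09:00:00Z", "CORP\\da-jsmith", "GPO_MODIFIED", "Printer Policy"),  # outside window
]
BACKUP_HOSTS = {"NAS-BACKUP-01"}  # hypothetical name for the NAS in the same segment

def scope_encryption(events, ext=".locked"):
    """Group ransomware file writes by host and site to size the containment action."""
    first_seen, site_of = {}, {}
    for ts, host, site, _proc, path in events:
        if not path.lower().endswith(ext):
            continue                      # ignore normal file activity
        site_of[host] = site
        first_seen[host] = min(ts, first_seen.get(host, ts))
    per_site = defaultdict(int)
    for host in first_seen:
        per_site[site_of[host]] += 1
    return {
        "hosts": first_seen,              # hosts to network-contain, with first encryption time
        "sites": dict(per_site),
        "first_seen": min(first_seen.values()) if first_seen else None,
        "backups_hit": sorted(BACKUP_HOSTS & set(first_seen)),  # backups in the same segment lost too
    }

def accounts_to_disable(gpo_events, window_start, window_end):
    """Admin accounts that modified or linked a GPO in the window before encryption began."""
    return sorted({acct for ts, acct, action, _ in gpo_events
                   if window_start <= ts <= window_end and action in ("GPO_MODIFIED", "GPO_LINKED")})

if __name__ == "__main__":
    scope = scope_encryption(FILE_EVENTS)
    print(scope)
    print(accounts_to_disable(GPO_EVENTS, "2024-03-03T22:00:00Z", scope["first_seen"]))
```

In a real incident the same grouping is done against the EDR and domain-controller audit feeds; the output is the containment list (hosts to isolate, accounts to disable) and the fact that a backup copy outside the affected segment is now the only restore path.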