After a DDoS attack, you’re briefing executives. Which metric best demonstrates impact?

A penetration test flags weak passwords. Which policy should you enforce to mitigate this?

A network scan reveals an unknown device. Which tool confirms its OS and services?

A malware outbreak is detected on a workstation. Which command captures live memory for forensic analysis?

A scan identifies an outdated Apache version (2.4.29) with CVE-2019-0211. What’s the first remediation step?

A SIEM alert flags repeated login failures. Which command investigates the source on a Linux server?

A stakeholder requests a report on a recent phishing incident. Which element should you prioritize to ensure clarity?

During a ransomware attack, a system is isolated. Which step should follow to determine the attack vector?

A vulnerability scan reveals a critical SQL injection flaw on a web server. Which tool should you use to validate this finding manually?

A SOC analyst notices unusual outbound traffic from a server. Which command should they use to identify the process initiating the connections?