Prev Question
Next Question

An Incident Responder is going to run an indicators of compromise (IOC) search on the endpoints and wants to use operators in the expression.
Which tokens accept one or more of the available operators when building an expression?

A. All tokens

B. Domainname, Filename, and Filehash

C. Filename, Filehash, and Registry

D. Domainname and Filename only

Explanation:

Reference: https://support.symantec.com/en_US/article.HOWTO125969.html#v115770112

Prev Question
Next Question

Leave a Reply

Your email address will not be published. Required fields are marked *