Palo Alto Networks Cybersecurity Entry-Level Technician (PCCET) — Question 111
What should a security operations engineer do if they are presented with an encoded string during an incident investigation?
Answer options
- A. Save it to a new file and run it in a sandbox.
- B. Run it against VirusTotal.
- C. Append it to the investigation notes but do not alter it.
- D. Decode the string and continue the investigation.
Correct answer: D
Explanation
The correct action is to decode the string and continue the investigation (D), because decoding lets the engineer understand the content and determine its relevance. Saving it to a new file and running it in a sandbox (A) could introduce risks without prior analysis. Running it against VirusTotal (B) may not provide complete context for the encoded data. Simply appending it to the notes without alteration (C) does not contribute to resolving the incident.