Ren is assigned to handle a security incident of an organization. He is tasked with forensics investigation to find the evidence needed by the management. Which of the following steps falls under the investigation phase of the computer forensics investigation process?
For analyzing the system, the browser data can be used to access various credentials.
Which of the following tools is used to analyze the history data files in Microsoft Edge browser?
Which of the following port scanning techniques involves resetting the TCP connection
between client and server abruptly before completion of the three-way handshake
signals, making the connection half-open?
An attacker after performing an attack decided to wipe evidences using artifact wiping techniques to evade forensic investigation. He applied magnetic field to the digital
media device, resulting in an entirely clean device of any previously stored data.
Identify the artifact wiping technique used by the attacker.
In which of the following confidentiality attacks attackers try to lure users by posing themselves as authorized AP by beaconing the WLAN's SSID?
Nervous Nat often sends emails with screenshots of what he thinks are serious incidents, but they always turn out to be false positives. Today, he sends another screenshot, suspecting a nation-state attack. As usual, you go through your list of questions, check your resources for information to determine whether the screenshot shows a real attack, and determine the condition of your network. Which step of IR did you just perform?
During the vulnerability assessment phase, the incident responders perform various
steps as below:
1. Run vulnerability scans using tools
2. Identify and prioritize vulnerabilities
3. Examine and evaluate physical security
4. Perform OSINT information gathering to validate the vulnerabilities
5. Apply business and technology context to scanner results
6. Check for misconfigurations and human errors
7. Create a vulnerability scan report
Identify the correct sequence of vulnerability assessment steps performed by the
incident responders.
Stanley works as an incident responder at a top MNC based in Singapore. He was asked to investigate a cybersecurity incident that recently occurred in the company. While investigating the incident, he collected evidence from the victim systems. He must present this evidence in a clear and comprehensible manner to the members of a jury so that the evidence clarifies the facts and further helps in obtaining an expert opinion on the incident to confirm the investigation process. In the above scenario, which of the following characteristics of the digital evidence did Stanley attempt to preserve?
Employee monitoring tools are mostly used by employers to find which of the following?
Malicious downloads that result from malicious office documents being manipulated are caused by which of the following?
Elizabeth, who works for OBC organization as an incident responder, is assessing the risks to the organizational security. As part of the assessment process, she is calculating the probability of a threat source exploiting an existing system vulnerability. Which of the following risk assessment steps is Elizabeth currently in?
In which of the following phases of the incident handling and response (IH&R) process is the identified security incidents analyzed, validated, categorized, and prioritized?
Joseph is an incident handling and response (IH&R) team lead in Toro Network Solutions Company. As a part of IH&R process, Joseph alerted the service providers,
developers, and manufacturers about the affected resources.
Identify the stage of IH&R process Joseph is currently in.
Ikeo Corp, hired an incident response team to assess the enterprise security. As part of the incident handling and response process, the IR team is reviewing the current security policies implemented by the enterprise. The IR team finds that employees of the organization do not have any restrictions on Internet access: they are allowed to visit any site, download any application, and access a computer or network from a remote location. Considering this as the main security threat, the IR team plans to change this policy as it can be easily exploited by attackers. Which of the following security policies is the IR team planning to modify?
Which of the following terms refers to vulnerable account management functions, including account update, recovery of forgotten or lost passwords, and password reset, that might weaken valid authentication schemes?
Which of the following email security tools can be used by an incident handler to
prevent the organization against evolving email threats?
You are talking to a colleague who Is deciding what information they should include in their organization’s logs to help with security auditing. Which of the following items should you tell them to NOT log?
Farheen is an incident responder at reputed IT Firm based in Florida. Farheen was asked to investigate a recent cybercrime faced by the organization. As part of this process, she collected static data from a victim system. She used DD tool command to perform forensic duplication to obtain an NTFS image of the original disk. She created a sector-by-sector mirror imaging of the disk and saved the output image file as image.dd.
Identify the static data collection process step performed by Farheen while collecting static data.
If a hacker cannot find any other way to attack an organization, they can influence an employee or a disgruntled staff member. What type of threat is this?
In which of the following types of insider threats an insider who is uneducated on
potential security threats or simply bypasses general security procedures to meet
workplace efficiency?
Which of the following is an attack that attempts to prevent the use of systems, networks, or applications by the intended users?
Which one of the following is the correct flow of the stages in an incident handling and response (IH&R) process?
Khai was tasked with examining the logs from a Linux email server. The server uses Sendmail to execute the command to send emailsand Syslog to maintain logs. To validate the data within email headers, which of the following directories should Khai check for information such as source and destination IP addresses, dates, and timestamps?
Malicious Micky has moved from the delivery stage to the exploitation stage of the kill chain. This malware wants to find and report to the command center any useful services on the system. Which of the following recon attacks is the MOST LIKELY to provide this information?
Andrew, an incident responder, is performing risk assessment of the client organization.
As a part of risk assessment process, he identified the boundaries of the IT systems,
along with the resources and the information that constitute the systems.
Identify the risk assessment step Andrew is performing.
Rose is an incident-handling person and she is responsible for detecting and eliminating
any kind of scanning attempts over the network by any malicious threat actors. Rose
uses Wireshark tool to sniff the network and detect any malicious activities going on.
Which of the following Wireshark filters can be used by her to detect TCP Xmas scan
attempt by the attacker?
Which of the following is an attack that occurs when a malicious program causes a user’s browser to perform an unwanted action on a trusted site for which the user is currently authenticated?
Shiela is working at night as an incident handler. During a shift, servers were affected by a massive cyberattack. After she classified and prioritized the incident, she must report the incident, obtain necessary permissions, and perform other incident response functions. What list should she check to notify other responsible personnel?
Dan is a newly appointed information security professional in a renowned organization. He is supposed to follow multiple security strategies to eradicate malware incidents. Which of the following is not considered as a good practice for maintaining information security and eradicating malware incidents?
John is a professional hacker who is performing an attack on the target organization where he tries to redirect the connection between the IP address and its target server such that when the users type in the Internet address, it redirects them to a rogue website that resembles the original website. He tries this attack using cache poisoning technique. Identify the type of attack John is performing on the target organization.
Which of the following is the ECIH phase that involves removing or eliminating the root cause of an incident and closing all attack vectors to prevent similar incidents in the future?
Clark is investigating a cybercrime at TechSoft Solutions. While investigating the case,
he needs to collect volatile information such as running services, their process IDs,
startmode, state, and status.
Which of the following commands will help Clark to collect such information from
running services?
An insider threat response plan helps an organization minimize the damage caused by malicious insiders. One of the approaches to mitigate these threats is setting up controls from the human resources department. Which of the following guidelines can the human resources department use?
Francis received a spoof email asking for his bank information. He decided to use a tool to analyze the email headers. Which of the following should he use?
Which stage of the incident response and handling process involves auditing the system and network log files?
ZYX company experienced a DoS/DDoS attack on their network. Upon investigating the incident, they concluded that the attack is an application-layer attack. Which of the following attacks did the attacker use?
Alexis works as an incident responder at XYZ organization. She was asked to identify and attributethe actors behind an attack that occurred recently. For this purpose, she is performing a type of threat attribution that deals with the identification of a specific person, society, or country sponsoring a well-planned and executed intrusion or attack on its target. Which of the following types of threat attributions is Alexis performing?
Alice is a disgruntled employee. She decided to acquire critical information from her organization for financial benefit. To acccomplish this, Alice started running a virtual machine on the same physical host as her victim's virtual machine and took advantage of shared physical resources (processor cache) to steal data (cryptographic key/plain text secrets) from the victim machine. Identify the type of attack Alice is performing in the above scenario.
Who is mainly responsible for providing proper network services and handling network-related incidents in all the cloud service models?
In which of the following stages of incident handling and response (IH&R) process do
the incident handlers try to find out the root cause of the incident along with the threat
actors behind the incidents, threat vectors, etc.?
Ross is an incident manager (IM) at an organization, and his team provides support to all users in the organization who are affected by threats or attacks. David, who is the organization's internal auditor, is also part of Ross's incident response team. Which of the following is David's responsibility?
James has been appointed as an incident handling and response (IH&R) team lead and
he was assigned to build an IH&R plan along with his own team in the company.
Identify the IH&R process step James is currently working on.
Which of the following digital evidence temporarily stored on a digital device that
requires a constant power supply and is deleted if the power supply is interrupted?
Drake is an incident handler in Dark CLoud Inc. He is intended to perform log analysis
in order to detect traces of malicious activities within the network infrastructure.
Which of the following tools Drake must employ in order to view logs in real time and
identify malware propagation within the network?