Which of the following is a term that describes the combination of strategies and services intended to restore data, applications, and other resources to the public cloud or dedicated service providers?
Malicious downloads that result from malicious office documents being manipulated are caused by which of the following?
You are a systems administrator for a company. You are accessing your file server remotely for maintenance. Suddenly, you are unable to access the server. After contacting others in your department, you find out that they cannot access the file server either. You can ping the file serverbut not connect to it via RDP. You check the Active Directory Server, and all is well. You check the email server and find that emails are sent and received normally. What is the most likely issue?
Alice is a disgruntled employee. She decided to acquire critical information from her organization for financial benefit. To acccomplish this, Alice started running a virtual machine on the same physical host as her victim's virtual machine and took advantage of shared physical resources (processor cache) to steal data (cryptographic key/plain text secrets) from the victim machine. Identify the type of attack Alice is performing in the above scenario.
Which of the following is not a countermeasure to eradicate inappropriate usage
incidents?
Which of the following terms refers to the personnel that the incident handling and response (IH&R) team must contact to report the incident and obtain the necessary permissions?
Which of the following risk management processes identifies the risks, estimates the impact, and determines sources to recommend proper mitigation measures?
Smith employs various malware detection techniques to thoroughly examine the
network and its systems for suspicious and malicious malware files. Among all
techniques, which one involves analyzing the memory dumps or binary codes for the
traces of malware?
Tibson works as an incident responder for MNC based in Singapore. He is investigating
a web application security incident recently faced by the company. The attack is
performed on a MS SQL Server hosted by the company. In the detection and analysis
phase, he used regular expressions to analyze and detect SQL meta-characters that led
to SQL injection attack.
Identify the regular expression used by Tibson to detect SQL injection attack on MS
SQL Server.
Clark is investigating a cybercrime at TechSoft Solutions. While investigating the case,
he needs to collect volatile information such as running services, their process IDs,
startmode, state, and status.
Which of the following commands will help Clark to collect such information from
running services?
An insider threat response plan helps an organization minimize the damage caused by malicious insiders. One of the approaches to mitigate these threats is setting up controls from the human resources department. Which of the following guidelines can the human resources department use?
If the browser does not expire the session when the user fails to logout properly, which of the following OWASP Top 10 web vulnerabilities is caused?
Which of the following risk mitigation strategies involves execution of controls to
reduce the risk factor and brings it to an acceptable level or accepts the potential risk
and continues operating the IT system?
Malicious Micky has moved from the delivery stage to the exploitation stage of the kill chain. This malware wants to find and report to the command center any useful services on the system. Which of the following recon attacks is the MOST LIKELY to provide this information?
You are talking to a colleague who Is deciding what information they should include in their organization’s logs to help with security auditing. Which of the following items should you tell them to NOT log?
Ren is assigned to handle a security incident of an organization. He is tasked with forensics investigation to find the evidence needed by the management. Which of the following steps falls under the investigation phase of the computer forensics investigation process?
James is working as an incident responder at CyberSol Inc. The management instructed James to investigate a cybersecurity incident that recently happened in the company. As a part of theinvestigation process, James started collecting volatile information from a system running on Windows operating system.
Which of the following commands helps James in determining all the executable files for running processes?
Which of the following processes is referred to as an approach to respond to the
security incidents that occurred in an organization and enables the response team by
ensuring that they know exactly what process to follow in case of security incidents?
Darwin is an attacker residing within the organization and is performing network
sniffing by running his system in promiscuous mode. He is capturing and viewing all
the network packets transmitted within the organization. Edwin is an incident handler
in the same organization.
In the above situation, which of the following Nmap commands Edwin must use to
detect Darwin’s system that is running in promiscuous mode?
A US Federal Agency network was the target of a DoS attack that prevented and
impaired the normal authorized functionality of the networks. According to agency’s
reporting timeframe guidelines, this incident should be reported within 2 h of
discovery/detection if the successful attack is still ongoing and the agency is unable to
successfully mitigate the activity.
Which incident category of US Federal Agency does this incident belong to?
Bran is an incident handler who is assessing the network of the organization. He wants to detect ping sweep attempts on the network using Wireshark. Which of the following Wireshark filters would Bran use to accomplish this task?
Ikeo Corp, hired an incident response team to assess the enterprise security. As part of the incident handling and response process, the IR team is reviewing the current security policies implemented by the enterprise. The IR team finds that employees of the organization do not have any restrictions on Internet access: they are allowed to visit any site, download any application, and access a computer or network from a remote location. Considering this as the main security threat, the IR team plans to change this policy as it can be easily exploited by attackers. Which of the following security policies is the IR team planning to modify?
Which of the following is defined as the identification of the boundaries of an IT system along with the resources and information that constitute the system?
Allan performed a reconnaissance attack on his corporate network as part of a red-team activity. He scanned the IP range to find live host IP addresses. What type of technique did he use to exploit the network?
Andrew, an incident responder, is performing risk assessment of the client organization.
As a part of risk assessment process, he identified the boundaries of the IT systems,
along with the resources and the information that constitute the systems.
Identify the risk assessment step Andrew is performing.
Miko was hired as an incident handler in XYZ company. His first task was to identify the PING sweep attempts inside the network. For this purpose, he used Wireshark to analyze the traffic. Whatfilter did he use to identify ICMP ping sweep attempts?
If a hacker cannot find any other way to attack an organization, they can influence an employee or a disgruntled staff member. What type of threat is this?
Eric who is an incident responder is working on developing incident-handling plans and
procedures. As part of this process, he is performing analysis on the organizational
network to generate a report and to develop policies based on the acquired results.
Which of the following tools will help him in analyzing network and its related traffic?
Which of the following is the ECIH phase that involves removing or eliminating the root cause of an incident and closing all attack vectors to prevent similar incidents in the future?
John is a professional hacker who is performing an attack on the target organization where he tries to redirect the connection between the IP address and its target server such that when the users type in the Internet address, it redirects them to a rogue website that resembles the original website. He tries this attack using cache poisoning technique. Identify the type of attack John is performing on the target organization.
Jason is setting up a computer forensics lab and must perform the following steps: 1. physical location and structural design considerations; 2. planning and budgeting; 3. work area considerations; 4. physical security recommendations; 5. forensic lab licensing; 6. human resource considerations. Arrange these steps in the order of execution.
Zaimasoft, a prominent IT organization, was attacked by perpetrators who directly targeted the hardware and caused irreversible damage to the hardware. In result, replacing or reinstalling the hardware was the only solution.
Identify the type of denial-of-service attack performed on Zaimasoft.
Stanley works as an incident responder at a top MNC based out of Singapore. He was asked to investigate a cybersecurity incident that recently occurred in the company.
While investigating the crime, he collected the evidence from the victim systems. He must present this evidence in a clear and comprehensible manner to the members of
jury so that the evidence explains the facts clearly and further helps in obtaining an expert opinion on the same to confirm the investigation process.
In the above scenario, what is the characteristic of the digital evidence Stanley tried to preserve?
Rica works as an incident handler for an international company. As part of her role, she must review the present security policy implemented. Upon inspection, Rica finds that the policy is wide open, and only known dangerous services/attacks or behaviors are blocked. Which of the following is the current policy that Rica identified?
Eve’s is an incident handler in ABC organization. One day, she got a complaint about email hacking incident from one of the employees of the organization. As a part of
incident handling and response process, she must follow many recovery steps in order to recover from incident impact to maintain business continuity.
What is the first step that she must do to secure employee account?
Francis received a spoof email asking for his bank information. He decided to use a tool to analyze the email headers. Which of the following should he use?
Farheen is an incident responder at reputed IT Firm based in Florida. Farheen was asked to investigate a recent cybercrime faced by the organization. As part of this process, she collected static data from a victim system. She used DD tool command to perform forensic duplication to obtain an NTFS image of the original disk. She created a sector-by-sector mirror imaging of the disk and saved the output image file as image.dd.
Identify the static data collection process step performed by Farheen while collecting static data.
Identify Sarbanes–Oxley Act (SOX) Title, which consists of only one section, that includes measures designed to help restore investor confidence in the reporting of
securities analysts.
Which of the following techniques prevent or mislead incident-handling process and may also affect the collection, preservation, and identification phases of the forensic
investigation process?
An organization's customers are experiencing either slower network communication or unavailability of services. In addition, network administrators are receiving alerts from security tools such as IDS/IPS and firewalls about a possible DoS/DDoS attack. In result, the organization requests the incident handling and response (IH&R) team further investigates the incident. The IH&R team decides to use manual techniques to detect DoS/DDoS attack.
Which of the following commands helps the IH&R team to manually detect DoS/DDoS attack?
James is a professional hacker and is employed by an organization to exploit their cloud services. In order to achieve this, James created anonymous access to the cloud services to carry out various attacks such as password and key cracking, hosting malicious data, and DDoS attacks. Which of the following threats is he posing to the cloud platform?