Winter Sale Special 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ex2p65

Exact2Pass Menu

Question # 4

Which of the following is a term that describes the combination of strategies and services intended to restore data, applications, and other resources to the public cloud or dedicated service providers?

A.

Mitigation

B.

Analysis

C.

Eradication

D.

Cloud recovery

Full Access
Question # 5

Malicious downloads that result from malicious office documents being manipulated are caused by which of the following?

A.

Clickjacking

B.

Impersonation

C.

Registry key manipulation

D.

Macro abuse

Full Access
Question # 6

Which of the following is the BEST method to prevent email incidents?

A.

Installing antivirus rule updates

B.

Disabling HTML in email content fields

C.

Web proxy filtering

D.

End-user training

Full Access
Question # 7

You are a systems administrator for a company. You are accessing your file server remotely for maintenance. Suddenly, you are unable to access the server. After contacting others in your department, you find out that they cannot access the file server either. You can ping the file serverbut not connect to it via RDP. You check the Active Directory Server, and all is well. You check the email server and find that emails are sent and received normally. What is the most likely issue?

A.

An e-mail service issue

B.

The file server has shut down

C.

A denial-of-service issue

D.

An admin account issue

Full Access
Question # 8

Alice is a disgruntled employee. She decided to acquire critical information from her organization for financial benefit. To acccomplish this, Alice started running a virtual machine on the same physical host as her victim's virtual machine and took advantage of shared physical resources (processor cache) to steal data (cryptographic key/plain text secrets) from the victim machine. Identify the type of attack Alice is performing in the above scenario.

A.

Side channel attack

B.

Service hijacking

C.

SQL injection attack

D.

Man-in-the-cloud attack

Full Access
Question # 9

Which of the following is not a countermeasure to eradicate inappropriate usage

incidents?

A.

Avoid VPN and other secure network channels

B.

Register the user activity logs and keep monitoring them regularly

C.

Install firewall and IDS/IPS to block services that violate the organization’s policy

D.

Always store the sensitive data in far located servers and restrict its access

Full Access
Question # 10

Which of the following terms refers to the personnel that the incident handling and response (IH&R) team must contact to report the incident and obtain the necessary permissions?

A.

Civil litigation

B.

Point of contact

C.

Criminal referral

D.

Ticketing

Full Access
Question # 11

Which of the following risk management processes identifies the risks, estimates the impact, and determines sources to recommend proper mitigation measures?

A.

Risk assessment

B.

Risk assumption

C.

Risk mitigation

D.

Risk avoidance

Full Access
Question # 12

Smith employs various malware detection techniques to thoroughly examine the

network and its systems for suspicious and malicious malware files. Among all

techniques, which one involves analyzing the memory dumps or binary codes for the

traces of malware?

A.

Live system

B.

Dynamic analysis

C.

Intrusion analysis

D.

Static analysis

Full Access
Question # 13

Tibson works as an incident responder for MNC based in Singapore. He is investigating

a web application security incident recently faced by the company. The attack is

performed on a MS SQL Server hosted by the company. In the detection and analysis

phase, he used regular expressions to analyze and detect SQL meta-characters that led

to SQL injection attack.

Identify the regular expression used by Tibson to detect SQL injection attack on MS

SQL Server.

A.

/exec(\s|\+)+(s|x)p\w+/ix

B.

((\.\.\\)|(\.\.\/))

C.

((\.|%2E)(\.|%2E)(\/|%2F|\\|%5C))

D.

((\%3C)|<)((\%2F)|\/)*(script)((\%3E)|>)

Full Access
Question # 14

Clark is investigating a cybercrime at TechSoft Solutions. While investigating the case,

he needs to collect volatile information such as running services, their process IDs,

startmode, state, and status.

Which of the following commands will help Clark to collect such information from

running services?

A.

Openfiles

B.

netstat –ab

C.

wmic

D.

net file

Full Access
Question # 15

An insider threat response plan helps an organization minimize the damage caused by malicious insiders. One of the approaches to mitigate these threats is setting up controls from the human resources department. Which of the following guidelines can the human resources department use?

A.

Access granted to users should be documented and vetted by a supervisor.

B.

Disable the default administrative account to ensure accountability.

C.

Implement a person-to-person rule to secure the backup process and physical media.

D.

Monitor and secure the organization's physical environment.

Full Access
Question # 16

If the browser does not expire the session when the user fails to logout properly, which of the following OWASP Top 10 web vulnerabilities is caused?

A.

A7: Cross-site scripting

B.

A3: Sensitive- data exposure

C.

A2: Broken authentication

D.

A5: Broken access control

Full Access
Question # 17

Which of the following does NOT reduce the success rate of SQL injection?

A.

Close unnecessary application services and ports on the server.

B.

Automatically lock a user account after a predefined number of invalid login attempts within a predefined interval.

C.

Constrain legitimate characters to exclude special characters.

D.

Limit the length of the input field.

Full Access
Question # 18

Which of the following risk mitigation strategies involves execution of controls to

reduce the risk factor and brings it to an acceptable level or accepts the potential risk

and continues operating the IT system?

A.

Risk assumption

B.

Risk avoidance

C.

Risk planning

D.

Risk transference

Full Access
Question # 19

Malicious Micky has moved from the delivery stage to the exploitation stage of the kill chain. This malware wants to find and report to the command center any useful services on the system. Which of the following recon attacks is the MOST LIKELY to provide this information?

A.

IP range sweep

B.

Packet sniffing

C.

Session hijack

D.

Port scan

Full Access
Question # 20

You are talking to a colleague who Is deciding what information they should include in their organization’s logs to help with security auditing. Which of the following items should you tell them to NOT log?

A.

Timestamp

B.

Session ID

C.

Source IP eddross

D.

userid

Full Access
Question # 21

Ren is assigned to handle a security incident of an organization. He is tasked with forensics investigation to find the evidence needed by the management. Which of the following steps falls under the investigation phase of the computer forensics investigation process?

A.

Secure the evidence

B.

Risk assessment

C.

Setup a computer forensics lab

D.

Evidence assessment

Full Access
Question # 22

James is working as an incident responder at CyberSol Inc. The management instructed James to investigate a cybersecurity incident that recently happened in the company. As a part of theinvestigation process, James started collecting volatile information from a system running on Windows operating system.

Which of the following commands helps James in determining all the executable files for running processes?

A.

cate A &. time ,/t

B.

netstat -ab

C.

top

D.

doskey/history

Full Access
Question # 23

Which of the following processes is referred to as an approach to respond to the

security incidents that occurred in an organization and enables the response team by

ensuring that they know exactly what process to follow in case of security incidents?

A.

Risk assessment

B.

Incident response orchestration

C.

Vulnerability management

D.

Threat assessment

Full Access
Question # 24

Darwin is an attacker residing within the organization and is performing network

sniffing by running his system in promiscuous mode. He is capturing and viewing all

the network packets transmitted within the organization. Edwin is an incident handler

in the same organization.

In the above situation, which of the following Nmap commands Edwin must use to

detect Darwin’s system that is running in promiscuous mode?

A.

nmap -sV -T4 -O -F –version-light

B.

nmap –sU –p 500

C.

nmap --script=sniffer-detect [Target IP Address/Range of IP addresses]

D.

nmap --script hostmap

Full Access
Question # 25

A US Federal Agency network was the target of a DoS attack that prevented and

impaired the normal authorized functionality of the networks. According to agency’s

reporting timeframe guidelines, this incident should be reported within 2 h of

discovery/detection if the successful attack is still ongoing and the agency is unable to

successfully mitigate the activity.

Which incident category of US Federal Agency does this incident belong to?

A.

CAT 6

B.

CAT 2

C.

CAT 1

D.

CAT 5

Full Access
Question # 26

Bran is an incident handler who is assessing the network of the organization. He wants to detect ping sweep attempts on the network using Wireshark. Which of the following Wireshark filters would Bran use to accomplish this task?

A.

icmp.scq

B.

icmp.lype==8

C.

icmp.ident

D.

icmp.redir_gw

Full Access
Question # 27

Ikeo Corp, hired an incident response team to assess the enterprise security. As part of the incident handling and response process, the IR team is reviewing the current security policies implemented by the enterprise. The IR team finds that employees of the organization do not have any restrictions on Internet access: they are allowed to visit any site, download any application, and access a computer or network from a remote location. Considering this as the main security threat, the IR team plans to change this policy as it can be easily exploited by attackers. Which of the following security policies is the IR team planning to modify?

A.

Paranoic policy

B.

Prudent policy

C.

Promiscuous policy

D.

Permissive policy

Full Access
Question # 28

What is the most recent NIST standard for incident response?

A.

800-61r2

B.

800-61r3

C.

800-53r3

D.

800-171r2

Full Access
Question # 29

Which of the following is defined as the identification of the boundaries of an IT system along with the resources and information that constitute the system?

A.

System characterization

B.

Vulnerability identification

C.

Threat ioenLificalion

D.

Control analysis

Full Access
Question # 30

Which of the following has been used to evade IDS and IPS?

A.

Fragmentation

B.

TNP

C.

HTTP

D.

SNMP

Full Access
Question # 31

Allan performed a reconnaissance attack on his corporate network as part of a red-team activity. He scanned the IP range to find live host IP addresses. What type of technique did he use to exploit the network?

A.

DNS foot printing

B.

Social engineering

C.

Port scanning

D.

Ping sweeping

Full Access
Question # 32

Andrew, an incident responder, is performing risk assessment of the client organization.

As a part of risk assessment process, he identified the boundaries of the IT systems,

along with the resources and the information that constitute the systems.

Identify the risk assessment step Andrew is performing.

A.

Control analysis

B.

System characterization

C.

Likelihood determination

D.

Control recommendations

Full Access
Question # 33

Miko was hired as an incident handler in XYZ company. His first task was to identify the PING sweep attempts inside the network. For this purpose, he used Wireshark to analyze the traffic. Whatfilter did he use to identify ICMP ping sweep attempts?

A.

tcp.typc == icmp

B.

icrrip.lype == icmp

C.

icmp.type == 8 or icmp.type ==0

D.

udp.lype — 7

Full Access
Question # 34

An attack on a network is BEST blocked using which of the following?

A.

IPS device inline

B.

HIPS

C.

Web proxy

D.

Load balancer

Full Access
Question # 35

If a hacker cannot find any other way to attack an organization, they can influence an employee or a disgruntled staff member. What type of threat is this?

A.

Phishing attack

B.

Insider attack

C.

Footprinting

D.

Identity theft

Full Access
Question # 36

Eric who is an incident responder is working on developing incident-handling plans and

procedures. As part of this process, he is performing analysis on the organizational

network to generate a report and to develop policies based on the acquired results.

Which of the following tools will help him in analyzing network and its related traffic?

A.

FaceNiff

B.

Wireshark

C.

Burp Suite

D.

Whois

Full Access
Question # 37

Which of the following is the ECIH phase that involves removing or eliminating the root cause of an incident and closing all attack vectors to prevent similar incidents in the future?

A.

Recovery

B.

Containment

C.

Eradication

D.

Vulnerability management phase

Full Access
Question # 38

John is a professional hacker who is performing an attack on the target organization where he tries to redirect the connection between the IP address and its target server such that when the users type in the Internet address, it redirects them to a rogue website that resembles the original website. He tries this attack using cache poisoning technique. Identify the type of attack John is performing on the target organization.

A.

War driving

B.

Pharming

C.

Skimming

D.

Pretexting

Full Access
Question # 39

Jason is setting up a computer forensics lab and must perform the following steps: 1. physical location and structural design considerations; 2. planning and budgeting; 3. work area considerations; 4. physical security recommendations; 5. forensic lab licensing; 6. human resource considerations. Arrange these steps in the order of execution.

A.

2 -> 1 -> 3 -> 6 -> 4 -> 5

B.

2->3->l ->4->6->5

C.

5-> 2-> l-> 3-> 4-> 6

D.

3 .> 2 -> 1 -> 4-> 6-> 5

Full Access
Question # 40

Zaimasoft, a prominent IT organization, was attacked by perpetrators who directly targeted the hardware and caused irreversible damage to the hardware. In result, replacing or reinstalling the hardware was the only solution.

Identify the type of denial-of-service attack performed on Zaimasoft.

A.

ddos

B.

DoS

C.

PDoS

D.

DRDoS

Full Access
Question # 41

Stanley works as an incident responder at a top MNC based out of Singapore. He was asked to investigate a cybersecurity incident that recently occurred in the company.

While investigating the crime, he collected the evidence from the victim systems. He must present this evidence in a clear and comprehensible manner to the members of

jury so that the evidence explains the facts clearly and further helps in obtaining an expert opinion on the same to confirm the investigation process.

In the above scenario, what is the characteristic of the digital evidence Stanley tried to preserve?

A.

Believable

B.

Complete

C.

Authentic

D.

Admissible

Full Access
Question # 42

Rica works as an incident handler for an international company. As part of her role, she must review the present security policy implemented. Upon inspection, Rica finds that the policy is wide open, and only known dangerous services/attacks or behaviors are blocked. Which of the following is the current policy that Rica identified?

A.

Prudent policy

B.

Paranoic policy

C.

Permissive policy

D.

Promiscuous policy

Full Access
Question # 43

Eve’s is an incident handler in ABC organization. One day, she got a complaint about email hacking incident from one of the employees of the organization. As a part of

incident handling and response process, she must follow many recovery steps in order to recover from incident impact to maintain business continuity.

What is the first step that she must do to secure employee account?

A.

Restore the email services and change the password

B.

Enable two-factor authentication

C.

Enable scanning of links and attachments in all the emails

D.

Disabling automatic file sharing between the systems

Full Access
Question # 44

Francis received a spoof email asking for his bank information. He decided to use a tool to analyze the email headers. Which of the following should he use?

A.

EventLog Analyzer

B.

MxTooIbox

C.

Email Checker

D.

PoliteMail

Full Access
Question # 45

Farheen is an incident responder at reputed IT Firm based in Florida. Farheen was asked to investigate a recent cybercrime faced by the organization. As part of this process, she collected static data from a victim system. She used DD tool command to perform forensic duplication to obtain an NTFS image of the original disk. She created a sector-by-sector mirror imaging of the disk and saved the output image file as image.dd.

Identify the static data collection process step performed by Farheen while collecting static data.

A.

Comparison

B.

Administrative consideration

C.

System preservation

D.

Physical presentatio

Full Access
Question # 46

Identify Sarbanes–Oxley Act (SOX) Title, which consists of only one section, that includes measures designed to help restore investor confidence in the reporting of

securities analysts.

A.

Title VIII: Corporate and Criminal Fraud Accountability

B.

Title V: Analyst Conflicts of Interest

C.

Title VII: Studies and Reports

D.

Title IX: White-Collar-Crime Penalty Enhancement

Full Access
Question # 47

According to NITS, what are the 5 main actors in cloud computing?

A.

Provider, carrier, auditor, broker, and seller

B.

Consumer, provider, carrier, auditor, ano broker

C.

Buyer, consumer, carrier, auditor, and broker

D.

None of these

Full Access
Question # 48

Which of the following techniques prevent or mislead incident-handling process and may also affect the collection, preservation, and identification phases of the forensic

investigation process?

A.

Scanning

B.

Footprinting

C.

Enumeration

D.

Anti-forensics

Full Access
Question # 49

An organization's customers are experiencing either slower network communication or unavailability of services. In addition, network administrators are receiving alerts from security tools such as IDS/IPS and firewalls about a possible DoS/DDoS attack. In result, the organization requests the incident handling and response (IH&R) team further investigates the incident. The IH&R team decides to use manual techniques to detect DoS/DDoS attack.

Which of the following commands helps the IH&R team to manually detect DoS/DDoS attack?

A.

netstat -r

B.

nbtstat /c

C.

netstat an

D.

nbtstat/S

Full Access
Question # 50

James is a professional hacker and is employed by an organization to exploit their cloud services. In order to achieve this, James created anonymous access to the cloud services to carry out various attacks such as password and key cracking, hosting malicious data, and DDoS attacks. Which of the following threats is he posing to the cloud platform?

A.

Insecure interface and APIs

B.

Data breach/loss

C.

Insufficient duo diligence

D.

Abuse end nefarious use of cloud services

Full Access