
ExamsBrite Dumps

Certified Cybersecurity Technician (CCT) Question and Answers

Certified Cybersecurity Technician (CCT)

Last Update Nov 30, 2025
Total Questions : 161

We are offering FREE 212-82 ECCouncil exam questions. All you have to do is sign up, give your details, and prepare with the 212-82 free exam questions; then go for the complete pool of Certified Cybersecurity Technician (CCT) test questions, which will help you more.

Question 1

Calvin spotted blazing flames originating from a physical file storage location in his organization because of a short circuit. In response to the incident, he used a fire suppression system that helped curb the incident in the initial stage and prevented it from spreading over a large area. Which of the following firefighting systems did Calvin use in this scenario?

Options:

A. Fire detection system
B. Sprinkler system
C. Smoke detectors
D. Fire extinguisher

Question 2

An IoT device placed in a hospital for safety measures has sent an alert to the server. The network traffic has been captured and stored in the Documents folder of the "Attacker Machine-1". Analyze the IoTdeviceTraffic.pcapng file and identify the command the IoT device sent over the network. (Practical Question)

Options:

A. Tempe_Low
B. Low_Tempe
C. High_Tempe
D. Temp_High

Question 3

A software company develops new software products by following the best practices for secure application development. Dawson, a software analyst, is responsible for checking the performance of applications in the client's network to determine any issue faced by end users while accessing the application.

Which of the following tiers of the secure application development lifecycle involves checking the application performance?

Options:

A. Development
B. Staging
C. Testing
D. Quality assurance (QA)

Question 4

Kaison, a forensic officer, was investigating a compromised system used for various online attacks. Kaison initiated the data acquisition process and extracted the data from the system's DVD-ROM. Which of the following types of data did Kaison acquire in the above scenario?

Options:

A. Archival media
B. Kernel statistics
C. ARP cache
D. Processor cache

Question 5

A John-the-Ripper hash dump of an FTP server's login credentials is stored as "target-file" on the Desktop of Attacker Machine-2. Crack the password hashes in the file to recover the login credentials of the FTP server. The FTP root directory hosts an exploit file. Read the exploit file and enter the name of the exploit's author as the answer. Hint: Not all the credentials will give access to the FTP. (Practical Question)

Options:

A. ByteDefender
B. CodeGuard
C. QcipherShield
D. nullsecurity

Question 6

MediData, a leading healthcare data analytics firm based in the US, has made significant strides in advanced health diagnostics using AI. With a vast repository of patient data and seeing the potential market in Europe, MediData plans to expand its services there. However, the leadership is wary. Europe's stringent data protection regulations require companies to adapt their data processing practices. The legal team at MediData is tasked with ensuring compliance and minimizing potential litigation or penalties. As MediData plans its European expansion, which regulatory framework should it be most concerned with?

Options:

A. Health Insurance Portability and Accountability Act (HIPAA)
B. Federal Information Security Management Act (FISMA)
C. Sarbanes-Oxley Act
D. European Union General Data Protection Regulation (GDPR)

Question 7

Kayden successfully cracked the final round of interviews at an organization. After a few days, he received his offer letter through an official company email address. The email stated that the selected candidate should respond within a specified time. Kayden accepted the opportunity and provided an e-signature on the offer letter, then replied to the same email address. The company validated the e-signature and added his details to their database. Here, Kayden could not deny the company's message, and the company could not deny Kayden's signature.

Which of the following information security elements was described in the above scenario?

Options:

A. Availability
B. Non-repudiation
C. Integrity
D. Confidentiality

Question 8

You are working as a Security Consultant for a top firm named Beta Inc.

Being a Security Consultant, you are called in to assess your company's situation after a ransomware attack that encrypts critical data on Beta Inc. servers. What is the MOST critical action you have to take immediately after identifying the attack?

Options:

A. Identify and isolate infected devices to prevent further spread.
B. Restore critical systems from backups according to the BCP.
C. Analyze the attack vector to identify the source of the infection.
D. Pay the ransom demand to regain access to encrypted data.

Question 9

The SOC department in a multinational organization has collected logs of a security event as "Windows.events.evtx". Study the Audit Failure logs in the event log file located in the Documents folder of the "Attacker Machine-1" and determine the IP address of the attacker. (Note: The event ID of Audit Failure logs is 4625.)

(Practical Question)

Options:

A. 10.10.1.12
B. 10.10.1.10
C. 10.10.1.16
D. 10.10.1.19

Question 10

Shawn, a forensic officer, was appointed to investigate a crime scene that had occurred at a coffee shop. As a part of the investigation, Shawn collected the mobile device from the victim, which may contain potential evidence to identify the culprits.

Which of the following points must Shawn follow while preserving the digital evidence? (Choose three.)

Options:

A. Never record the screen display of the device
B. Turn the device ON if it is OFF
C. Do not leave the device as it is if it is ON
D. Make sure that the device is charged

Question 11

Initiate an SSH connection to a machine that has SSH enabled in the network. After connecting to the machine, find the file flag.txt and choose the content hidden in the file. Credentials for SSH login are provided below:

Hint:

Username: sam

Password: admin@l23

Options:

A. sam@bob
B. bob2@sam
C. bob@sam
D. sam2@bob

Question 12

GlobalTech, a multinational corporation with over 10,000 employees, has seen a surge in mobile device usage among its workforce. The IT department is tasked with deploying a robust mobile security management solution that caters not only to the security of data but also provides flexibility in device choices and keeps administrative overhead low. Which of the following would be the best solution for GlobalTech?

Options:

A. Mobile Application Management (MAM)
B. Mobile Device Management (MDM)
C. Unified Endpoint Management (UEM)
D. Containerization Solutions

Question 13

Sam, a software engineer, visited an organization to give a demonstration on a software tool that helps in business development. The administrator at the organization created a least privileged account on a system and allocated that system to Sam for the demonstration. Using this account, Sam can only access the files that are required for the demonstration and cannot open any other file in the system.

Which of the following types of accounts has the organization given to Sam in the above scenario?

Options:

A. Service account
B. Guest account
C. User account
D. Administrator account

Question 14

Miguel, a professional hacker, targeted an organization to gain illegitimate access to its critical information. He identified a flaw in the end-point communication that can disclose the target application's data.

Which of the following secure application design principles was not met by the application in the above scenario?

Options:

A. Secure the weakest link
B. Do not trust user input
C. Exception handling
D. Fault tolerance

Question 15

Myles, a security professional at an organization, provided laptops for all the employees to carry out the business processes from remote locations. While installing necessary applications required for the business, Myles has also installed antivirus software on each laptop following the company's policy to detect and protect the machines from external malicious events over the Internet.

Identify the PCI-DSS requirement followed by Myles in the above scenario.

Options:

A. PCI-DSS requirement no 1.3.2
B. PCI-DSS requirement no 1.3.5
C. PCI-DSS requirement no 5.1
D. PCI-DSS requirement no 1.3.1

Question 16

A software company is developing a new software product by following the best practices for secure application development. Dawson, a software analyst, is checking the performance of the application on the client's network to determine whether end users are facing any issues in accessing the application.

Which of the following tiers of a secure application development lifecycle involves checking the performance of the application?

Options:

A. Development
B. Testing
C. Quality assurance (QA)
D. Staging

Question 17

CyberX, an acclaimed cybersecurity firm with a diverse clientele ranging from financial institutions to healthcare providers, has been approached by NexusCorp. NexusCorp, a global supply chain giant, seeks assistance in drafting a new security policy after a series of cyber-attacks that highlighted vulnerabilities in its existing protocols. While NexusCorp uses state-of-the-art technology, its security policies have not kept pace. It needs a policy that acknowledges its complex organizational structure, vast geographic spread, and diversity in employee tech proficiency.

Which should be CyberX's primary consideration in this scenario?

Options:

A. Regular update schedules for software and hardware components.
B. Stakeholder involvement in policy formulation.
C. Use of the latest encryption algorithms.
D. Emphasis on stringent password policies.

Question 18

You are the chief cybersecurity officer at a multi-national corporation, which specializes in satellite-based communication systems. Recently, you transitioned to a more advanced system architecture that includes multiple ground stations globally. These stations synchronize and communicate via a central hub that manages the distribution of encrypted data across the network. Upon reviewing the quarterly network logs, you uncover a series of sophisticated intrusions. These intrusions are intermittently taking place in ground stations located in three continents. Evidence suggests that these attacks are coordinated, aiming to map out the network's communication paths, likely in preparation for a much larger scale cyber-attack. Further investigation uncovers small pockets of malware within the system, specifically designed to circumvent your current security controls. Given the criticality of ensuring uninterrupted satellite communication, which countermeasure would be most effective in thwarting these intrusions, ensuring data integrity, and maintaining the operational status of your satellite communication systems?

Options:

A. Enhance end-point security solutions at each ground station, focusing on advanced malware detection, eradication, and prevention.
B. Implement air-gapped systems for each ground station to ensure complete isolation, minimizing the risk of malware spread and external intrusions.
C. Deploy an advanced network segmentation strategy, ensuring each ground station operates in a micro-segmented environment, with real-time threat monitoring and dynamic policy adjustments.
D. Roll back the system to its previous architecture, while launching a thorough investigation into the identified intrusions and taking the necessary legal actions.

Question 19

Ayden works from home on his company's laptop. During working hours, he received an antivirus software update notification on his laptop. Ayden clicked on the update button; however, the system restricted the update and displayed a message stating that the update could only be performed by authorized personnel. Which of the following PCI-DSS requirements is demonstrated in this scenario?

Options:

A. PCI-DSS requirement no 5.3
B. PCI-DSS requirement no 1.3.1
C. PCI-DSS requirement no 5.1
D. PCI-DSS requirement no 1.3.2

Question 20

Jaden, a network administrator at an organization, used the ping command to check the status of a system connected to the organization's network. He received an ICMP error message stating that the IP header field contains invalid information. Jaden examined the ICMP packet and identified that it is an IP parameter problem.

Identify the type of ICMP error message received by Jaden in the above scenario.

Options:

A. Type = 12
B. Type = 8
C. Type = 5
D. Type = 3

Question 21

Desmond, a forensic officer, was investigating a compromised machine involved in various online attacks. For this purpose, Desmond employed a forensic tool to extract and analyze computer-based evidence to retrieve information related to websites accessed from the victim machine. Identify the computer-created evidence retrieved by Desmond in this scenario.

Options:

A. Cookies
B. Documents
C. Address books
D. Compressed files

Question 22

Jordan, a network administrator in an organization, was instructed to identify network-related issues and improve network performance. While troubleshooting the network, he received a message indicating that the datagram could not be forwarded owing to the unavailability of IP-related services (such as FTP or web services) on the target host. Which of the following network issues did Jordan find in this scenario?

Options:

A. Time exceeded message
B. Destination unreachable message
C. Unreachable networks
D. Network cable is unplugged

Question 23

Hayes, a security professional, was tasked with the implementation of security controls for an industrial network at Purdue level 3.5 (IDMZ). Hayes verified all the possible attack vectors on the IDMZ level and deployed a security control that fortifies the IDMZ against cyber-attacks.

Identify the security control implemented by Hayes in the above scenario.

Options:

A. Point-to-point communication
B. MAC authentication
C. Anti-DoS solution
D. Use of authorized RTU and PLC commands

Question 24

Karter, a security professional, deployed a honeypot on the organization's network for luring attackers who attempt to breach the network. For this purpose, he configured a type of honeypot that simulates a real OS as well as the applications and services of a target network. Furthermore, the honeypot deployed by Karter only responds to pre-configured commands.

Identify the type of honeypot deployed by Karter in the above scenario.

Options:

A. Low-interaction honeypot
B. Pure honeypot
C. Medium-interaction honeypot
D. High-interaction honeypot

Question 25

A large multinational corporation is in the process of upgrading its network infrastructure to enhance security and protect sensitive data. As part of the upgrade, the IT team is considering implementing stateful multilayer inspection firewalls and application-level gateway firewalls.

How do stateful multilayer inspection firewalls differ from application-level gateway firewalls in terms of their packet filtering capabilities and the layers of the OSI model they inspect?

Options:

A. Stateful multilayer inspection firewalls are more expensive and require competent personnel to administer them, while application-level gateway firewalls evaluate network packets for valid data at the application layer.
B. Stateful multilayer inspection firewalls track and maintain session information between hosts, while application-level gateway firewalls control input, output, and access across applications or services.
C. Stateful multilayer inspection firewalls focus on inspecting packets at the application layer, while application-level gateway firewalls primarily filter packets at the network layer.
D. Stateful multilayer inspection firewalls filter traffic based on specified application rules, applications, or protocols, while application-level gateway firewalls allow unknown traffic up to level 2 of the network stack.

Question 26

An IoT device placed in a hospital for safety measures has sent an alert command to the server. The network traffic has been captured and stored in the Documents folder of the Attacker Machine-1. Analyze the IoTdeviceTraffic.pcapng file and select the appropriate command that was sent by the IoT device over the network.

Options:

A. Tempe_Low
B. Low_Tempe
C. Temp_High
D. High_Tempe

Question 27

Leilani, a network specialist at an organization, employed Wireshark for observing network traffic. Leilani navigated to the Wireshark menu icon that contains items to manipulate, display and apply filters, enable or disable the dissection of protocols, and configure user-specified decodes.

Identify the Wireshark menu Leilani has navigated in the above scenario.

Options:

A. Statistics
B. Capture
C. Main toolbar
D. Analyze

Question 28

An FTP server has been hosted on one of the machines in the network. Using Cain and Abel, the attacker was able to poison the machine and fetch the FTP credentials used by the admin. You are given a task to validate the credentials that were stolen using Cain and Abel and read the file flag.txt.

Options:

A. white@hat
B. red@hat
C. hat@red
D. blue@hat

Question 29

Grace, an online shopping freak, has purchased a smart TV using her debit card. During online payment, Grace's browser redirected her from the ecommerce website to a third-party payment gateway, where she provided her debit card details and the OTP received on her registered mobile phone. After completing the transaction, Grace navigated to her online bank account and verified the current balance in her savings account.

Identify the state of data when it is being processed between the ecommerce website and the payment gateway in the above scenario.

Options:

A. Data at rest
B. Data in inactive
C. Data in transit
D. Data in use

Question 30

As the senior network analyst for a leading fintech organization, you have been tasked with ensuring seamless communication between the firm's global offices. Your network has been built with redundancy in mind, leveraging multiple service providers and a mixture of MPLS and public internet connections.

Options:

A. One week after deploying a state-of-the-art Network Performance Monitoring & Diagnostics (NPMD) tool, you notice unusual traffic patterns originating from your European data center and targeting the corporate headquarters in New York. The traffic spikes periodically, heavily utilizing the MPLS link and sometimes saturating the public internet connection, resulting in significant data packet losses and application failures. Your task is to id
B. MPLS Link Flapping: The MPLS link might be experiencing flapping, leading to inconsistent traffic flow. It is crucial to liaise with the MPLS service provider to inspect the link stability and consider a backup link or an alternate route to reroute the traffic.
C. Unauthorized Application Usage: The European data center staff might be using unauthorized applications or services that are consuming massive bandwidth. You should enforce strict Application and Network Access Control policies, and scrutinize the application traffic to restrict non-business-critical applications.
D. Data Backup and Replication: The European data center might be running data backup or replication processes during peak business hours. You should liaise with the data center team to reschedule backup operations to non-peak hours and ensure that backup processes are bandwidth-aware.

Faulty Network Hardware: The network hardware in the European data center, such as routers or switches, might be malfunctioning, causing inconsistent traffi

Question 31

A disgruntled employee has set up a RAT (Remote Access Trojan) server on one of the machines in the target network to steal sensitive corporate documents. The IP address of the target machine where the RAT is installed is 20.20.10.26. Initiate a remote connection to the target machine from the "Attacker Machine-1" using the Theef client. Locate the "Sensitive Corporate Documents" folder in the target machine's Documents directory and determine the number of files. Hint: The Theef folder is located at Z:\CCT-Tools\CCT Module 01 Information Security Threats and Vulnerabilities\Remote Access Trojans (RAT)\Theef of the Attacker Machine-1.

Options:

A. 2
B. 4
C. 5
D. 3

Question 32

RevoMedia, a digital marketing agency, often conducts client presentations off-site. The agency's team uses mobile devices to connect to various networks and display content. With the rising threat landscape, it wants to adopt the most secure method for connecting its mobile devices to unfamiliar networks. Which of the following should RevoMedia adopt?

Options:

A. Bluetooth pairing
B. Virtual Private Network (VPN) connections
C. USB tethering
D. Direct Wi-Fi connectivity

Question 33

Tenda, a network specialist at an organization, was examining logged data using Windows Event Viewer to identify attempted or successful unauthorized activities. The logs analyzed by Tenda include events related to Windows security; specifically, log-on/log-off activities, resource access, and also information based on the Windows system's audit policies.

Identify the type of event logs analyzed by Tenda in the above scenario.

Options:

A. Application event log
B. Setup event log
C. Security event log
D. System event log

Question 34

FusionTech, a leading tech company specializing in quantum computing, is based in downtown San Francisco, with its headquarters situated in a multi-tenant skyscraper. Their office spans three floors. The cutting-edge technology and the proprietary data that FusionTech possesses make it a prime target for both cyber and physical threats. Recently, during an internal security review, it was discovered that an unauthorized individual was spotted on one of the floors. There was no breach, but it raised an alarm. The management wants to address this vulnerability without causing too much inconvenience to its 2000+ employees and the other tenants of the building.

Given FusionTech's unique challenges, which measure should it primarily consider to bolster its workplace security?

Options:

A. Implement retina scanning at every floor entrance.
B. Introduce an employee badge system with time-based access control.
C. Station security personnel on every floor.
D. Build a separate entrance and elevator for FusionTech employees.

Question 35

Richard, a professional hacker, was hired by a marketer to gather sensitive data and information about the offline activities of users from location data. Richard employed a technique to determine the proximity of a user's mobile device to an exact location using GPS features. Using this technique, Richard placed a virtual barrier positioned at a static location to interact with mobile users crossing the barrier. Identify the technique employed by Richard in this scenario.

Options:

A. Containerization
B. Over-the-air (OTA) updates
C. Full device encryption
D. Geofencing

Question 36

Matias, a network security administrator at an organization, was tasked with the implementation of secure wireless network encryption for their network. For this purpose, Matias employed a security solution that uses 256-bit Galois/Counter Mode Protocol (GCMP-256) to maintain the authenticity and confidentiality of data.

Identify the type of wireless encryption used by the security solution employed by Matias in the above scenario.

Options:

A. WPA2 encryption
B. WPA3 encryption
C. WEP encryption
D. WPA encryption

Question 37

Juan, a safety officer at an organization, installed a physical lock at the entrance of each floor. All employees in the organization were allotted a smart card embedded in their ID cards, which had to be swiped to unlock doors and access any floor. Which of the following types of physical locks did Juan install in this scenario?

Options:

A. Mechanical locks
B. Digital locks
C. Combination locks
D. Electromagnetic locks

Question 38

As a Virtualization Software Engineer/Analyst, you are employed on a project with Alpha Inc., where OS virtualization is used to isolate the physical/base OS from the hypervisor OS. What is the security benefit of OS virtualization in terms of isolation?

Options:

A. Virtual machines can freely access the resources of other VMs on the same host.
B. Virtual machines are isolated from each other, preventing a security breach in one from impacting others.
C. A compromised virtual machine can easily infect the physical host and other VMs.
D. OS virtualization offers no security benefits in isolation.

Question 39

A company decided to implement the cloud infrastructure within its corporate firewall to secure sensitive data from external access. The company invested heavily in creating a cloud architecture within its premises to maintain full control over its corporate data. Which of the following types of cloud deployment models did the company implement in this scenario?

Options:

A. Multi cloud
B. Public cloud
C. Private cloud
D. Community cloud

Question 40

Nicolas, a computer science student, decided to create a guest OS on his laptop for different lab operations. He adopted a virtualization approach in which the guest OS will not be aware that it is running in a virtualized environment. The virtual machine manager (VMM) will directly interact with the computer hardware, translate commands to binary instructions, and forward them to the host OS.

Which of the following virtualization approaches has Nicolas adopted in the above scenario?

Options:

A. Hardware-assisted virtualization
B. Full virtualization
C. Hybrid virtualization
D. OS-assisted virtualization

Question 41

Steve, a network engineer, was tasked with troubleshooting a network issue that is causing unexpected packet drops. For this purpose, he employed a network troubleshooting utility to capture the ICMP echo request packets sent to the server. He identified that certain packets are dropped at the gateway due to a poor network connection.

Identify the network troubleshooting utility employed by Steve in the above scenario.

Options:

A. dnsenum
B. arp
C. traceroute
D. ipconfig

Question 42

Finley, a security professional at an organization, was tasked with monitoring the organizational network behavior through the SIEM dashboard. While monitoring, Finley noticed suspicious activities in the network; thus, he captured and analyzed a single network packet to determine whether the signature included malicious patterns. Identify the attack signature analysis technique employed by Finley in this scenario.

Options:

A. Context-based signature analysis
B. Atomic-signature-based analysis
C. Composite signature-based analysis
D. Content-based signature analysis

Question 43

Elliott, a security professional, was appointed to test a newly developed application deployed over an organizational network using a bastion host. Elliott initiated the process by configuring the nonreusable bastion host. He then tested the newly developed application to identify the presence of security flaws that were not yet known; further, he executed services that were not secure. Identify the type of bastion host configured by Elliott in the above scenario.

Options:

A. External services hosts
B. Victim machines
C. One-box firewalls
D. Non-routing dual-homed hosts

Question 44

DigitalVault Corp., a premier financial institution, has recently seen a significant rise in advanced persistent threats (APTs) targeting its mainframe systems. Considering the sensitivity of the data stored, it wants to employ a strategy that deceives attackers into revealing their techniques. As part of its defense strategy, the cybersecurity team is deliberating over deploying a honeypot system. Given the bank's requirements, the team is evaluating different types of honeypots. DigitalVault's primary goal is to gather extensive information about the attackers' methods without putting its actual systems at risk. Which of the following honeypots would BEST serve DigitalVault's intent?

Options:

A. High-interaction honeypots, offering a real system's replica for attackers, and observing their every move.
B. Low-interaction honeypots, designed to log basic information such as IP addresses and attack vectors.
C. Research honeypots, aimed at understanding threats to a specific industry and sharing insights with the broader community.
D. Production honeypots, which are part of the organization's active network and collect information about daily attacks.

Question 45

Sam, a software engineer, visited an organization to give a demonstration on a software tool that helps in business development. The administrator at the organization created a least privileged account on a system and allocated that system to Sam for the demonstration. Using this account, Sam can only access the files that are required for the demonstration and cannot open any other file in the system.

Which of the following types of accounts has the organization given to Sam in the above scenario?

Options:

A. Service account
B. Guest account
C. User account
D. Administrator account

Question 46

The incident handling and response (IH&R) team of an organization was handling a recent cyberattack on the organization's web server. Fernando, a member of the IH&R team, was tasked with eliminating the root cause of the incident and closing all attack vectors to prevent similar incidents in the future. For this purpose, Fernando applied the latest patches to the web server and installed the latest security mechanisms on it. Identify the IH&R step performed by Fernando in this scenario.

Options:

A. Notification
B. Containment
C. Recovery
D. Eradication

Question 47

An attacker with malicious intent used the SYN flooding technique to disrupt the network and gain an advantage over the network to bypass the firewall. You are working with a security architect to design security standards and a plan for your organization. The network traffic was captured by the SOC team and was provided to you to perform a detailed analysis. Study the Synflood.pcapng file and determine the source IP address.

Note: The Synflood.pcapng file is present in the Documents folder of the Attacker-1 machine.

Options:

A. 20.20.10.180
B. 20.20.10.19
C. 20.20.10.60
D. 20.20.10.59

Question 48

You are the lead cybersecurity specialist at a cutting-edge tech organization that specializes in developing artificial intelligence (AI) products for clients across various sectors. Given the sensitivity and proprietary nature of your products, ensuring top-notch security is of paramount importance. Late one evening, you receive an alert from your threat intelligence platform about potential vulnerabilities in one of the third-party components your AI products heavily rely upon. This component is known to have integration points with several key systems within your organization. Any successful exploitation of this vulnerability could grant attackers unparalleled access to proprietary algorithms and client-specific modifications, which could be catastrophic in the wrong hands.

While you are analyzing the threat's details, a member of your team identifies several unusual patterns of data access, suggesting that the vulnerability might already have been exploited. The potential breach's initial footprint suggests a highly sophisticated actor, possibly even a nation-state entity. Given the gravity of the situation and the potential consequences of a full-blown breach, what should be your immediate course of action to address the incident and ensure minimal risk exposure?

Options:

A. Engage an external cybersecurity consultancy with expertise in nation-state level threats. Collaborate to devise a mitigation strategy while also running parallel investigations to understand the full scope of the breach.
B. Disconnect the potentially compromised systems from the network, archive all logs and related data for future analysis, and shift core services to backup systems, ensuring business continuity.
C. Alert the organization's legal and PR teams, preparing a communication strategy to notify clients and the public about the potential breach, ensuring transparency and proactive damage control.
D. Initiate an emergency patching protocol, immediately updating all instances of the vulnerable component across your infrastructure, and closely monitor the network for further unusual activities.
