
EC Council Certified Incident Handler (ECIH v3) Questions and Answers

EC Council Certified Incident Handler (ECIH v3)

Last Update Nov 30, 2025
Total Questions : 172

Questions 1

An attack on a network is BEST blocked using which of the following?

Options:

A.  

IPS device inline

B.  

HIPS

C.  

Web proxy

D.  

Load balancer

Questions 2

Eve is an incident handler at ABC organization. One day, she received a complaint about an email hacking incident from one of the organization's employees. As part of the incident handling and response process, she must follow several recovery steps to recover from the incident's impact and maintain business continuity.

What is the first step she must take to secure the employee's account?

Options:

A.  

Restore the email services and change the password

B.  

Enable two-factor authentication

C.  

Enable scanning of links and attachments in all the emails

D.  

Disabling automatic file sharing between the systems

Questions 3

Which of the following is a common tool used to help detect malicious internal or compromised actors?

Options:

A.  

User behavior analytics

B.  

SOC2 compliance report

C.  

Log forwarding

D.  

Syslog configuration

Questions 4

Stanley works as an incident responder at a top MNC based in Singapore. He was asked to investigate a cybersecurity incident that recently occurred in the company. While investigating the crime, he collected evidence from the victim systems. He must present this evidence in a clear and comprehensible manner to the members of the jury so that it explains the facts clearly and helps in obtaining an expert opinion that confirms the investigation process.

In the above scenario, what is the characteristic of the digital evidence Stanley tried to preserve?

Options:

A.  

Believable

B.  

Complete

C.  

Authentic

D.  

Admissible

Questions 5

Finn is working in the eradication phase, wherein he is eliminating the root cause of an incident that occurred in the Windows operating system installed in a system. He ran a tool that can detect missing security patches and install the latest patches on the system and networks. Which of the following tools did he use to detect the missing security patches?

Options:

A.  

Microsoft Cloud App Security

B.  

Office 365 Advanced Threat Protection

C.  

Microsoft Advanced Threat Analytics

D.  

Microsoft Baseline Security Analyzer

Questions 6

Khai was tasked with examining the logs from a Linux email server. The server uses Sendmail to execute the command to send emails and Syslog to maintain logs. To validate the data within email headers, which of the following directories should Khai check for information such as source and destination IP addresses, dates, and timestamps?

Options:

A.  

/var/log/mailog

B.  

/var/log/sendmail

C.  

/var/log/maillog

D.  

/var/log/sendmail/mailog

Questions 7

Ross is an incident manager (IM) at an organization, and his team provides support to all users in the organization who are affected by threats or attacks. David, who is the organization's internal auditor, is also part of Ross's incident response team. Which of the following is David's responsibility?

Options:

A.  

Configure information security controls.

B.  

Identify and report security loopholes to the management for necessary action.

C.  

Coordinate incident containment activities with the information security officer (ISO).

D.  

Perform the necessary action to block the network traffic from the suspected intruder.

Questions 8

Which of the following risk mitigation strategies involves executing controls to reduce the risk factor and bring it to an acceptable level, or accepting the potential risk and continuing to operate the IT system?

Options:

A.  

Risk assumption

B.  

Risk avoidance

C.  

Risk planning

D.  

Risk transference

Questions 9

Rinni is an incident handler and she is performing memory dump analysis.

Which of the following tools can she use to perform memory dump analysis?

Options:

A.  

OllyDbg and IDA Pro

B.  

Scylla and OllyDumpEx

C.  

Procmon and ProcessExplorer

D.  

iNetSim

Questions 10

If a hacker cannot find any other way to attack an organization, they can influence an employee or a disgruntled staff member. What type of threat is this?

Options:

A.  

Phishing attack

B.  

Insider attack

C.  

Footprinting

D.  

Identity theft

Questions 11

Ren is assigned to handle a security incident of an organization. He is tasked with forensics investigation to find the evidence needed by the management. Which of the following steps falls under the investigation phase of the computer forensics investigation process?

Options:

A.  

Secure the evidence

B.  

Risk assessment

C.  

Setup a computer forensics lab

D.  

Evidence assessment

Questions 12

Tibson works as an incident responder for an MNC based in Singapore. He is investigating a web application security incident recently faced by the company. The attack was performed on an MS SQL Server hosted by the company. In the detection and analysis phase, he used regular expressions to analyze and detect the SQL meta-characters that led to the SQL injection attack.

Identify the regular expression used by Tibson to detect the SQL injection attack on MS SQL Server.

Options:

A.  

/exec(\s|\+)+(s|x)p\w+/ix

B.  

((\.\.\\)|(\.\.\/))

C.  

((\.|%2E)(\.|%2E)(\/|%2F|\\|%5C))

D.  

((\%3C)|<)((\%2F)|\/)*(script)((\%3E)|>)

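Worked example for Question 12, added here and not part of the original question bank: the four signatures from the options, run over constructed access-log lines in Python. Only option A is specific to MS SQL Server; it looks for EXEC of an sp_/xp_ stored procedure such as xp_cmdshell. The others are directory-traversal and XSS signatures, included to show what each option actually detects. The log lines, client IPs, function names and the trusted-domain layout are my own assumptions; matching runs on both the raw request target and its URL-decoded form, since attackers routinely encode the characters these signatures look for.

```python
import re
from urllib.parse import unquote_plus

# The four signatures from the question as Python regexes. The page's /ix flags
# on option A map to IGNORECASE | VERBOSE. Option A is the only MS SQL one: it
# catches EXEC of sp_/xp_ stored procedures (xp_cmdshell, sp_makewebtask, ...)
# with spaces or '+' (URL-encoded space) between the tokens.
SIGNATURES = {
    "mssql_exec_sp_xp": re.compile(r"exec(\s|\+)+(s|x)p\w+", re.IGNORECASE | re.VERBOSE),
    "dir_traversal": re.compile(r"((\.\.\\)|(\.\.\/))"),
    "dir_traversal_encoded": re.compile(r"((\.|%2E)(\.|%2E)(\/|%2F|\\|%5C))", re.IGNORECASE),
    "xss_script_tag": re.compile(r"((\%3C)|<)((\%2F)|\/)*(script)((\%3E)|>)", re.IGNORECASE),
}

# Constructed access-log lines (hypothetical traffic, not taken from the page).
ACCESS_LOG = [
    '203.0.113.5 - - [03/Mar/2025:10:00:01 +0000] "GET /search.aspx?q=shoes HTTP/1.1" 200 512',
    '203.0.113.5 - - [03/Mar/2025:10:00:07 +0000] "GET /search.aspx?q=1%27;exec+xp_cmdshell+%27dir%27-- HTTP/1.1" 500 88',
    '198.51.100.9 - - [03/Mar/2025:10:00:09 +0000] "GET /download?file=..%2F..%2Fweb.config HTTP/1.1" 403 0',
    '198.51.100.9 - - [03/Mar/2025:10:00:12 +0000] "GET /comment?text=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 40',
    '203.0.113.5 - - [03/Mar/2025:10:00:15 +0000] "GET /search.aspx?q=1;EXEC%20master..xp_cmdshell HTTP/1.1" 500 88',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|PUT|DELETE|HEAD) (\S+)')


def extract_request(line: str) -> str:
    """Pull the request target (path + query string) out of a combined-format log line."""
    m = REQUEST_RE.search(line)
    return m.group(1) if m else ""


def match_signatures(request: str) -> set:
    """Run every signature over the raw request and over its URL-decoded form.
    Decoding matters: '+' or %20 for a space, %65xec for 'exec', and so on would
    otherwise slip past a signature written for literal characters."""
    hits = set()
    for candidate in (request, unquote_plus(request)):
        for name, rx in SIGNATURES.items():
            if rx.search(candidate):
                hits.add(name)
    return hits


def scan_log(lines):
    """Return (client_ip, request, sorted signature names) for each log line."""
    results = []
    for line in lines:
        request = extract_request(line)
        results.append((line.split()[0], request, sorted(match_signatures(request))))
    return results


if __name__ == "__main__":
    for ip, request, hits in scan_log(ACCESS_LOG):
        print(f"{ip:15} {hits or '-'} {request}")
```

The second line is caught by option A through the '+' branch of the pattern, the third by both traversal signatures once decoded, and the fourth by the XSS signature. The fifth line is a deliberate miss: EXEC master..xp_cmdshell puts a schema name between EXEC and xp_, so option A does not fire. Regex signatures like these are a detection aid during analysis; they are not a substitute for parameterized queries on the application side.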
Questions 13

Which of the following tools helps incident responders effectively contain a potential cloud security incident and gather required forensic evidence?

Options:

A.  

Alert Logic

B.  

CloudPassage Quarantine

C.  

Qualys Cloud Platform

D.  

Cloud Passage Halo

Questions 14

Francis received a spoof email asking for his bank information. He decided to use a tool to analyze the email headers. Which of the following should he use?

Options:

A.  

EventLog Analyzer

B.  

MxToolbox

C.  

Email Checker

D.  

PoliteMail

Questions 15

Which of the following is not a countermeasure to eradicate inappropriate usage incidents?

Options:

A.  

Avoid VPN and other secure network channels

B.  

Register the user activity logs and keep monitoring them regularly

C.  

Install firewall and IDS/IPS to block services that violate the organization’s policy

D.  

Always store the sensitive data in far located servers and restrict its access

Questions 16

Bonney's system has been compromised by a gruesome malware.

What is the primary step that is advisable to Bonney in order to contain the malware incident from spreading?

Options:

A.  

Turn off the infected machine

B.  

Leave it to the network administrators to handle

C.  

Complaint to police in a formal way regarding the incident

D.  

Call the legal department in the organization and inform about the incident

Questions 17

Which of the following are malicious software programs that infect computers and corrupt or delete the data on them?

Options:

A.  

Worms

B.  

Trojans

C.  

Spyware

D.  

Virus

Questions 18

ZYX company experienced a DoS/DDoS attack on their network. Upon investigating the incident, they concluded that the attack is an application-layer attack. Which of the following attacks did the attacker use?

Options:

A.  

Slowloris attack

B.  

UDP flood attack

C.  

SYN flood attack

D.  

Ping of death

Questions 19

The following steps describe the key activities in forensic readiness planning:

1. Train the staff to handle the incident and preserve the evidence

2. Create a special process for documenting the procedure

3. Identify the potential evidence required for an incident

4. Determine the source of the evidence

5. Establish a legal advisory board to guide the investigation process

6. Identify if the incident requires full or formal investigation

7. Establish a policy for securely handling and storing the collected evidence

8. Define a policy that determines the pathway to legally extract electronic evidence with minimal disruption

Identify the correct sequence of steps involved in forensic readiness planning.

Options:

A.  

2-->3-->1-->4-->6-->5-->7-->8

B.  

3-->4-->8-->7-->6-->1-->2-->5

C.  

3-->1-->4-->5-->8-->2-->6-->7

D.  

1-->2-->3-->4-->5-->6-->7-->8

Questions 20

During the process of detecting and containing malicious emails, incident responders should examine the originating IP address of the emails.

The steps to examine the originating IP address are as follows:

1. Search for the IP in the WHOIS database

2. Open the email to trace and find its header

3. Collect the IP address of the sender from the header of the received mail

4. Look for the geographic address of the sender in the WHOIS database

Identify the correct sequence of steps to be performed by the incident responders to examine the originating IP address of the emails.

Options:

A.  

4-->1-->2-->3

B.  

2-->1-->4-->3

C.  

1-->3-->2-->4

D.  

2-->3-->1-->4

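Worked example for Questions 14 and 20, added here and not part of the original question bank: the header-tracing steps (open the mail, read its headers, pull the sender IP) done offline in Python with the standard library, which is what a header-analysis tool such as MxToolbox automates. The message, host names, IP addresses and the trusted domain example.org are constructed for the example. The point a practitioner needs that the question glosses over: Received headers are prepended by each relay, so the bottom one is the oldest, and every header below the hop your own MX recorded can be forged by the sender. The code therefore walks hops newest-first and stops trusting as soon as the recording server is not yours; the WHOIS lookup (steps 1 and 4) needs network access and is left to the whois client.

```python
import email
import ipaddress
import re
from typing import Dict, List, Optional

IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")
# Explicit RFC 1918 / loopback list rather than ipaddress.is_private, which also
# treats the documentation ranges used in this sample as private.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed phishing message (hypothetical hosts and addresses, not from the page).
# Each MTA prepends its own Received header, so the top one is the newest hop.
RAW_MESSAGE = b"""Received: from mx.example.org (mx.example.org [203.0.113.10])
\tby mail.example.org with ESMTP id abc123; Mon, 3 Mar 2025 10:00:00 +0000
Received: from relay.cheap-hosting.example ([198.51.100.7])
\tby mx.example.org with ESMTP; Mon, 3 Mar 2025 09:59:58 +0000
Received: from [10.0.0.5] (helo=bank-support)
\tby relay.cheap-hosting.example with SMTP; Mon, 3 Mar 2025 09:59:50 +0000
From: "Bank Support" <support@bank.example>
To: francis@example.org
Subject: Verify your account
Return-Path: <bounce@cheap-hosting.example>

Please confirm your bank details at the link below.
"""


def received_chain(raw: bytes) -> List[Dict[str, Optional[str]]]:
    """Received hops in chronological order (oldest first): the IP the hop came
    from, the server that recorded it, and the unfolded header text."""
    msg = email.message_from_bytes(raw)
    hops = []
    for hdr in reversed(msg.get_all("Received", [])):
        flat = " ".join(hdr.split())          # unfold the header
        ips = IPV4_RE.findall(flat)
        by = BY_RE.search(flat)
        hops.append({"from_ip": ips[0] if ips else None,
                     "by": by.group(1) if by else None,
                     "raw": flat})
    return hops


def originating_ip(raw: bytes, trusted_domain: str = "example.org") -> Optional[str]:
    """Walk the hops newest-first while the recording server belongs to us; the
    'from' IP of the last such hop is the address that actually connected to our
    MX. Everything below it was written by foreign servers and may be forged."""
    candidate = None
    for hop in reversed(received_chain(raw)):     # newest hop first
        by = hop["by"] or ""
        if not (by == trusted_domain or by.endswith("." + trusted_domain)):
            break
        if hop["from_ip"]:
            candidate = hop["from_ip"]
    return candidate


def is_internal(ip: str) -> bool:
    """RFC 1918 / loopback check, so an internal submission is not sent to WHOIS."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


if __name__ == "__main__":
    for i, hop in enumerate(received_chain(RAW_MESSAGE), 1):
        print(f"hop {i}: from {hop['from_ip']} recorded by {hop['by']}")
    ip = originating_ip(RAW_MESSAGE)
    print("originating IP:", ip)
    if ip and not is_internal(ip):
        print(f"next step: whois {ip}   (steps 1 and 4 of the question; needs network access)")
```

For this sample the answer is 198.51.100.7, the relay that connected to mx.example.org, and not 10.0.0.5 from the bottom header, which the attacker's relay wrote and could have invented. Note also that the From: display name says "Bank Support" while Return-Path points at cheap-hosting.example; that mismatch is a second signal worth recording in the ticket.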
Questions 21

Darwin is an attacker residing within the organization and is performing network sniffing by running his system in promiscuous mode. He is capturing and viewing all the network packets transmitted within the organization. Edwin is an incident handler in the same organization.

In the above situation, which of the following Nmap commands must Edwin use to detect Darwin's system that is running in promiscuous mode?

Options:

A.  

nmap -sV -T4 -O -F --version-light

B.  

nmap -sU -p 500

C.  

nmap --script=sniffer-detect [Target IP Address/Range of IP addresses]

D.  

nmap --script hostmap

Questions 22

Johnson, an incident handler, is working on a recent web application attack faced by the organization. As part of this process, he performed data preprocessing in order to analyze and detect a watering hole attack. He preprocessed the outbound network traffic data collected from firewalls and proxy servers and started analyzing the user activities within a certain time period to create time-ordered domain sequences for further analysis of sequential patterns.

Identify the data-preprocessing step performed by Johnson.

Options:

A.  

Filtering invalid host names

B.  

Identifying unpopular domains

C.  

Host name normalization

D.  

User-specific sessionization

Questions 23

Which of the following processes is referred to as an approach to respond to the security incidents that occurred in an organization and enables the response team by ensuring that they know exactly what process to follow in case of security incidents?

Options:

A.  

Risk assessment

B.  

Incident response orchestration

C.  

Vulnerability management

D.  

Threat assessment

Questions 24

Which of the following is the BEST method to prevent email incidents?

Options:

A.  

Installing antivirus rule updates

B.  

Disabling HTML in email content fields

C.  

Web proxy filtering

D.  

End-user training

Questions 25

Which of the following types of digital evidence is temporarily stored in a digital device that requires constant power supply and is deleted if the power supply is interrupted?

Options:

A.  

Slack space

B.  

Process memory

C.  

Event logs

D.  

Swap file

Questions 26

SWA Cloud Services added PKI as one of their cloud security controls. What does PKI stand for?

Options:

A.  

Private key infrastructure

B.  

Private key information

C.  

Public key information

D.  

Public key infrastructure

Questions 27

An insider threat response plan helps an organization minimize the damage caused by malicious insiders. One of the approaches to mitigate these threats is setting up controls from the human resources department. Which of the following guidelines can the human resources department use?

Options:

A.  

Access granted to users should be documented and vetted by a supervisor.

B.  

Disable the default administrative account to ensure accountability.

C.  

Implement a person-to-person rule to secure the backup process and physical media.

D.  

Monitor and secure the organization's physical environment.

Questions 28

Which of the following is a standard framework that provides recommendations for implementing information security controls for organizations that initiate, implement, or maintain information security management systems (ISMSs)?

Options:

A.  

ISO/IEC 27002

B.  

ISO/IEC 27035

C.  

PCI DSS

D.  

RFC 2196

Questions 29

Which of the following is NOT part of the static data collection process?

Options:

A.  

Evidence examination

B.  

System preservation

C.  

Password protection

D.  

Evidence acquisition

Questions 30

Francis is an incident handler and security expert. He works at MorisonTech Solutions based in Sydney, Australia. He was assigned a task to detect phishing/spam mails for the client organization.

Which of the following tools can assist Francis to perform the required task?

Options:

A.  

Netcraft

B.  

Nessus

C.  

BTCrack

D.  

Cain and Abel

Questions 31

Which of the following is an attack that attempts to prevent the use of systems, networks, or applications by the intended users?

Options:

A.  

Denial of service (DoS) attack

B.  

Fraud and theft

C.  

Unauthorized access

D.  

Malicious code or insider threat attack

Questions 32

Which of the following is an attack that occurs when a malicious program causes a user’s browser to perform an unwanted action on a trusted site for which the user is currently authenticated?

Options:

A.  

Cross-site scripting

B.  

Insecure direct object references

C.  

Cross-site request forgery

D.  

SQL injection

Questions 33

According to NIST, what are the 5 main actors in cloud computing?

Options:

A.  

Provider, carrier, auditor, broker, and seller

B.  

Consumer, provider, carrier, auditor, and broker

C.  

Buyer, consumer, carrier, auditor, and broker

D.  

None of these

Questions 34

You are talking to a colleague who is deciding what information they should include in their organization's logs to help with security auditing. Which of the following items should you tell them to NOT log?

Options:

A.  

Timestamp

B.  

Session ID

C.  

Source IP address

D.  

userid

Questions 35

James is working as an incident responder at CyberSol Inc. The management instructed James to investigate a cybersecurity incident that recently happened in the company. As a part of the investigation process, James started collecting volatile information from a system running on Windows operating system.

Which of the following commands helps James in determining all the executable files for running processes?

Options:

A.  

date /t & time /t

B.  

netstat -ab

C.  

top

D.  

doskey/history

Questions 36

Smith employs various malware detection techniques to thoroughly examine the network and its systems for suspicious and malicious malware files. Among all techniques, which one involves analyzing the memory dumps or binary codes for the traces of malware?

Options:

A.  

Live system

B.  

Dynamic analysis

C.  

Intrusion analysis

D.  

Static analysis

Questions 37

Which of the following port scanning techniques involves resetting the TCP connection between client and server abruptly before completion of the three-way handshake signals, making the connection half-open?

Options:

A.  

Null scan

B.  

Full connect scan

C.  

Stealth scan

D.  

Xmas scan

Questions 38

Which of the following has been used to evade IDS and IPS?

Options:

A.  

Fragmentation

B.  

TNP

C.  

HTTP

D.  

SNMP

Questions 39

Dash wants to perform a DoS attack over 256 target URLs simultaneously.

Which of the following tools can Dash employ to achieve his objective?

Options:

A.  

HOIC

B.  

IDAPro

C.  

Ollydbg

D.  

OpenVAS

Questions 40

Which of the following terms refers to the personnel that the incident handling and response (IH&R) team must contact to report the incident and obtain the necessary permissions?

Options:

A.  

Civil litigation

B.  

Point of contact

C.  

Criminal referral

D.  

Ticketing

Questions 41

Attackers or insiders create a backdoor into a trusted network by installing an unsecured access point inside a firewall. They then use any software or hardware access point to perform an attack. Which of the following is this type of attack?

Options:

A.  

Rogue access point attack

B.  

Password-based attack

C.  

Malware attack

D.  

Email infection

Questions 42

Shiela is working at night as an incident handler. During a shift, servers were affected by a massive cyberattack. After she classified and prioritized the incident, she must report the incident, obtain necessary permissions, and perform other incident response functions. What list should she check to notify other responsible personnel?

Options:

A.  

HR log book

B.  

Point of contact

C.  

Email list

D.  

Phone number list

Questions 43

Ikeo Corp. hired an incident response team to assess the enterprise security. As part of the incident handling and response process, the IR team is reviewing the current security policies implemented by the enterprise. The IR team finds that employees of the organization do not have any restrictions on Internet access: they are allowed to visit any site, download any application, and access a computer or network from a remote location. Considering this the main security threat, the IR team plans to change this policy, as it can be easily exploited by attackers. Which of the following security policies is the IR team planning to modify?

Options:

A.  

Paranoid policy

B.  

Prudent policy

C.  

Promiscuous policy

D.  

Permissive policy

Questions 44

Which of the following is defined as the identification of the boundaries of an IT system along with the resources and information that constitute the system?

Options:

A.  

System characterization

B.  

Vulnerability identification

C.  

Threat identification

D.  

Control analysis

Questions 45

Adam is an attacker who, along with his team, launched multiple attacks on a target organization for financial benefit. Worried about getting caught, he decided to forge his identity. To do so, he created a new identity by combining information obtained from different victims.

Identify the type of identity theft Adam has performed.

Options:

A.  

Medical identity theft

B.  

Tax identity theft

C.  

Synthetic identity theft

D.  

Social identity theft

Questions 46

Identify the Sarbanes–Oxley Act (SOX) Title, consisting of only one section, that includes measures designed to help restore investor confidence in the reporting of securities analysts.

Options:

A.  

Title VIII: Corporate and Criminal Fraud Accountability

B.  

Title V: Analyst Conflicts of Interest

C.  

Title VII: Studies and Reports

D.  

Title IX: White-Collar-Crime Penalty Enhancement

Questions 47

Which of the following risk management processes identifies the risks, estimates the impact, and determines sources to recommend proper mitigation measures?

Options:

A.  

Risk assessment

B.  

Risk assumption

C.  

Risk mitigation

D.  

Risk avoidance

Questions 48

Bran is an incident handler who is assessing the network of the organization. He wants to detect ping sweep attempts on the network using Wireshark. Which of the following Wireshark filters would Bran use to accomplish this task?

Options:

A.  

icmp.seq

B.  

icmp.type==8

C.  

icmp.ident

D.  

icmp.redir_gw

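Worked example for Question 48, added here and not part of the original question bank: the display filter icmp.type==8 narrows a capture to echo requests, but a ping sweep is the pattern of one source hitting many destinations in a short time, which you still have to spot by eye in Wireshark. The Python below applies the same filter to a constructed packet list (shaped like a tshark export of frame.time_relative, ip.src, ip.dst and icmp.type) and then does the aggregation; the addresses, timings, thresholds and function names are my own assumptions.

```python
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed ICMP records (not a real capture): (time_s, src_ip, dst_ip, icmp_type).
# icmp.type 8 is an echo request, 0 an echo reply.
Packet = Tuple[float, str, str, int]

PACKETS: List[Packet] = (
    # one host walks 10.0.0.1 through 10.0.0.8 in under a tenth of a second
    [(0.01 * i, "10.0.0.99", f"10.0.0.{i}", 8) for i in range(1, 9)]
    # a few of those hosts answer
    + [(0.01 * i + 0.2, f"10.0.0.{i}", "10.0.0.99", 0) for i in (1, 3, 5)]
    # an administrator pinging one server once a second is not a sweep
    + [(5.0 + i, "10.0.0.7", "10.0.0.1", 8) for i in range(6)]
)


def echo_requests(packets: List[Packet]) -> List[Packet]:
    """The Wireshark display filter icmp.type==8, applied in code."""
    return [p for p in packets if p[3] == 8]


def detect_ping_sweep(packets: List[Packet], window: float = 2.0,
                      min_targets: int = 5) -> Dict[str, int]:
    """Return {src_ip: most distinct destinations pinged inside any `window`
    seconds} for every source that reached `min_targets` or more."""
    by_src: Dict[str, List[Tuple[float, str]]] = defaultdict(list)
    for t, src, dst, _ in echo_requests(packets):
        by_src[src].append((t, dst))

    flagged: Dict[str, int] = {}
    for src, events in by_src.items():
        events.sort()
        best, start = 0, 0
        for end in range(len(events)):          # sliding window over time-ordered events
            while events[end][0] - events[start][0] > window:
                start += 1
            best = max(best, len({dst for _, dst in events[start:end + 1]}))
        if best >= min_targets:
            flagged[src] = best
    return flagged


if __name__ == "__main__":
    print(f"{len(echo_requests(PACKETS))} echo requests in capture")
    for src, n in detect_ping_sweep(PACKETS).items():
        print(f"ping sweep from {src}: {n} distinct targets")
```

Only 10.0.0.99 is reported; the administrator's repeated pings to a single host stay below the distinct-target threshold however many there are. Keep in mind that ICMP is only one probe: on a local segment nmap's host discovery also uses ARP, and across segments it sends TCP SYN/ACK probes, so an ICMP-only filter will miss sweeps that never send an echo request.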
Questions 49

Which of the following is an Inappropriate usage incident?

Options:

A.  

Access-control attack

B.  

Reconnaissance attack

C.  

Insider threat

D.  

Denial-of-service attack

Questions 50

In which of the following phases of the incident handling and response (IH&R) process are the identified security incidents analyzed, validated, categorized, and prioritized?

Options:

A.  

Incident triage

B.  

Incident recording and assignment

C.  

Containment

D.  

Notification

Questions 51

Alice is a disgruntled employee. She decided to acquire critical information from her organization for financial benefit. To accomplish this, Alice started running a virtual machine on the same physical host as her victim's virtual machine and took advantage of shared physical resources (processor cache) to steal data (cryptographic keys/plain-text secrets) from the victim machine. Identify the type of attack Alice is performing in the above scenario.

Options:

A.  

Side channel attack

B.  

Service hijacking

C.  

SQL injection attack

D.  

Man-in-the-cloud attack
