A.  

At-rest

B.  

In-transit

C.  

Public

D.  

Encrypted

A.  

Making the decision of whether or not to notify law enforcement on behalf of the organization.

B.  

Performing timeline creation on the system files in order to identify and remove discovered malware.

C.  

Copying critical data from suspected systems to known good systems so productivity is not affected by the investigation.

D.  

Conducting initial interviews and identifying the systems involved in the suspected incident.

A.  

Proxy matching

B.  

Signature matching

C.  

Packet matching

D.  

Irregular expression matching

E.  

Object matching

A.  

alert tcp any 22 < > any 22 (msg:SSH connection; class type:misc-attack;sid: 122:rev:1;)

B.  

alert tcp any any < > any 6000: (msg:X-Windows session; flow:from_server,established;nocase;classtype:misc-attack;sid:101;rev:1;)

C.  

alert tcp any 23 < > any 23 (msg:Telnet shell; class type:misc-attack;sid:100; rev:1;)

D.  

alert udp any any < > any 5060 (msg:VOIP message; classtype:misc-attack;sid:113; rev:2;)

A.  

Websites running ws_ftp that allow anonymous logins

B.  

Documents available on the ws_ftp.com domain

C.  

Websites hosting the ws_ftp installation program

D.  

Documents found on sites with ws_ftp in the web address

A.  

Stateful packet filtering

B.  

Signature matching

C.  

Protocol anomaly detection

D.  

CRC checking

E.  

Forward error correction

A.  

TFTPD

B.  

Hydra

C.  

Ettercap

D.  

Yersinia

A.  

Senior Management

B.  

Data Owner

C.  

Data Custodian

D.  

Security Auditor

A.  

Signature-based

B.  

Anomaly-based

C.  

Statistical

D.  

Monitored

A.  

The port may be open on the system or blocked by a firewall

B.  

The router in front of the host accepted the request and sent a reply

C.  

An ICMP unreachable message was received indicating an open port

D.  

An ACK was received in response to the initial probe packet

A.  

They did not eradicate tools left behind by the attacker

B.  

They did not properly identify the source of the breach

C.  

They did not lock the account after changing the password

D.  

They did not patch the database server after the event

A.  

Removal of unnecessary accounts from compromised systems

B.  

Segmentation of the network to protect critical assets

C.  

Resetting registry keys that vary from the baseline configuration

D.  

Determining whether encryption is in use on in scope systems

A.  

Manually selected and defined by the network architect or engineer.

B.  

Defined by selecting the highest Bridge ID to be the root bridge.

C.  

Automatically selected by the Spanning Tree Protocol (STP).

D.  

All switch interfaces become root bridges in an STP environment.