Question 1 (1 point) During the Post-Incident Response Phase,…
Question 1 (1 point) During the Post-Incident Response Phase, ______________ .
Question 1 options:
  The Mission Statement needs to be written
  Technology may have to be removed
  Policies may need to be rewritten
  Malicious software may have to be removed from the network

Question 2 (1 point) In the Eradication Phase, all of these are Stages except:
Question 2 options:
  Correct Vulnerabilities
  Wipe Machines
  Write the Executive Summary
  Remove the Actors

Question 3 (1 point) The Main Purpose of the Containment Stage is to _________________________.
Question 3 options:
  Deploy technology
  Write the Executive Summary
  Limit the Ability of the Threat to continue to spread.
  Perform Digital Forensics

Question 4 (1 point) A(n) _________ offers real-time monitoring and analysis of events as well as tracking and logging of security data for compliance or auditing purposes.
Question 4 options:
  Insurance Policy
  Retainer
  Incident Response Team
  SIEM

Question 5 (1 point) Digital Forensics are ______________ during an Incident.
Question 5 options:
  Nice to Have
  Always Needed
  A tool that may be needed
  Never Needed

Question 6 (1 point) After changes are made to the Incident Response Plan and/or Playbooks, it is important to ________________.
Question 6 options:
  notify Executive Management that changes have been made
  conduct a Table Top Exercise to test the new plan
  buy equipment to accommodate the new plan
  wait until an incident occurs before changing the plan again

Question 7 (1 point) All of these are examples of Incident Response Tests except:
Question 7 options:
  Functional Exercises
  Table-Top Exercises
  Step Up Demonstrations
  Walkthroughs

Question 8 (1 point) All Incidents are also categorized as ____________.
Question 8 options:
  Identifiable
  Malicious
  Events
  Severe

Question 9 (1 point) ________________ should be available as part of the incident response framework during an incident.
(Accompanying statement on the page: It is not important to have technical resources available as part of the incident response framework to aid during an incident.)
Question 9 options:
  Instruction Manuals
  Refreshments
  The CEO
  Technical Resources

Question 10 (1 point) What is the first step to building an Incident Response Plan?
Question 10 options:
  Creating a Charter
  Creating a Mission Statement
  Define the CSIRT Team
  Determine the Deliverables

Question 11 (1 point) A _______ is a central facility which contains a team which keeps an eye on the security infrastructure, usually 24/7.
Question 11 options:
  SIEM
  CSIRT
  SOC
  Executive Team

Question 12 (1 point) A cyber security breach can have an impact on which of the following?
Question 12 options:
  Confidentiality
  Integrity
  Availability
  All of the Above

Question 13 (1 point) Which of the following containment strategies is the most difficult to perform?
Question 13 options:
  Physical
  Perimeter
  Virtual
  Network

Question 14 (1 point) __________ is how much of the network is affected by the Incident.
Question 14 options:
  Integrity
  Root Cause
  Scope
  Impact

Question 15 (1 point) When making changes to network or firewall configurations it is important to ________________________
Question 15 options:
  Use correct punctuation when making all the changes
  Stay logged into the devices in case you have to make more changes.
  Document thoroughly so you can return them to original configuration after an incident.
  Reboot the machines after making the changes.

Question 16 (1 point) Many attacks, including MITM and Trojan Horses, may involve the use of ____________.
Question 16 options:
  Licensed Software
  Linux Apps
  Malware
  Mobile Devices

Question 17 (1 point) During a __________ Attack, a hacker alters records to send traffic to a fake site.
Question 17 options:
  DNS Spoofing
  MITM
  Phishing
  Brute Force

Question 18 (1 point) An example of a MITM attack is the ______________ attack.
Question 18 options:
  Phishing
  Mitnick
  Brute Force
  Spraying

Question 19 (1 point) A Rainbow List is used to ____________________
Question 19 options:
  Target specific employees for attack
  Determine which software is vulnerable
  Attempt to crack passwords
  Break into website databases

Question 20 (1 point) All of these are variants of Phishing except ________________.
Question 20 options:
  SMShing
  Vishing
  Trashing
  Whaling

Question 21 (1 point) A ___________ should be maintained to ensure the integrity of digital evidence.
Question 21 options:
  Electronic wall
  Chain of Custody
  Tiered Process
  6 foot separation

Question 22 (1 point) When handling mobile devices, what should be considered of crucial importance?
Question 22 options:
  Pulling the SIM card
  Removing the battery
  Powering the device off
  Isolating the device from WiFi and Cellular Networks

Question 23 (1 point) Which of these is NOT important to a physical lab?
Question 23 options:
  Good array of Tools
  Location
  Good power
  Physically Secure

Question 24 (1 point) The __________ Rule allows copies of digital evidence to be used in court as long as the evidence is considered forensically sound.
Question 24 options:
  Digital Forensic
  Copy
  Federal 707
  Best Evidence

Question 25 (1 point) What is NOT part of the forensic process?
Question 25 options:
  Analysis
  Courtroom Testimony
  Collection
  Identification

Question 26 (1 point) Virtual Machines can be imaged through the use of ___________________.
Question 26 options:
  Special Hardware
  Blanket Policies
  Snapshots
  Basic Commands

Question 27 (1 point) What type of imaging is used to acquire the entire physical volume of a drive?
Question 27 options:
  Dead imaging
  Remote Imaging
  Hardware Imaging
  Live Imaging

Question 28 (1 point) A RAID 5 is usually mapped as a _____________.
Question 28 options:
  Striped Volume
  Physical Volume
  Logical Volume
  Extended Drive

Question 29 (1 point) When acquiring logical images, it will be necessary to use ________________.
Question 29 options:
  USB Drives
  Different storage drives
  Live Capture
  Special software

Question 30 (1 point) Imaging an SSD has a critical difference from imaging a platter-style HD, and that is?
Question 30 options:
  They require a special write blocker
  Their speed makes the process different
  Old Data is not kept on SSDs
  They are considered logical drives

Question 31 (1 point) ___________ is a network security appliance that segregates secure networks from other networks and can act as a router.
Question 31 options:
  Firewall
  Bridge
  Sandbox
  MAU

Question 32 (1 point) _________ connect different networks together.
Question 32 options:
  Hubs
  Routers
  Data sets
  Filters

Question 33 (1 point) An __________ sits in-line with network communications to detect and prevent malicious activity.
Question 33 options:
  IPS
  Router
  Sniffer
  IDS

Question 34 (1 point) When identifying potential areas to collect network evidence, _______________ are/is very important.
Question 34 options:
  Network Diagrams
  New Network Equipment
  Competent IT Staff
  Forensic software

Question 35 (1 point) A __________ issues unique IP addresses in a network.
Question 35 options:
  Bridge
  DHCP Server
  DNS Server
  Repeater

Question 36 (1 point) Detecting a vulnerability scan of your network would be considered ______________.
Question 36 options:
  No Risk
  Low Risk
  Medium Risk
  High Risk

Question 37 (1 point) Which of these detection criteria are the desired outcome?
Question 37 options:
  True Positive
  False Positive
  True Negative
  False Positive

Question 38 (1 point) ____________ is a packet capture system that must be set up before an attack occurs.
Question 38 options:
  TShark
  Arkime (Moloch)
  Wireshark
  Netflow

Question 39 (1 point) When reviewing log files, the slowest and most time-consuming method is _____________.
Question 39 options:
  Manual Review
  File Correlation
  File Data Mining
  Filtered Log Review

Question 40 (1 point) Wireshark will allow the hostnames to be resolved using ___________.
Question 40 options:
  Local Computer Names
  DHCP
  DNS
  ARP tables

Question 41 (1 point) What are the two ways that memory can be acquired? Select 2 correct answer(s).
Question 41 options:
  Externally
  Through the Mail
  Remotely
  Locally

Question 42 (1 point) Copying Memory from a machine may ____________________ but that cannot be helped.
Question 42 options:
  Not work Correctly
  Shut down the machine
  Alter the memory
  Alert the normal user

Question 43 (1 point) _____________ is an open-source scripting language to provide a command line interface.
Question 43 options:
  Remote Desktop Protocol
  Powershell
  Command Line Interface
  Linux

Question 44 (1 point) Before searching a computer, every analyst must review ____________ that gives them the right to search the machine.
Question 44 options:
  Executive Management Direction
  IT Manager Authority
  Case Law
  Legal Authority

Question 45 (1 point) The RAM for a Virtual machine snapshot is stored in the ____________ file.
Question 45 options:
  VRAM
  XFAC
  VMEM
  XMEM

Question 46 (1 point) One primary goal of memory analysis is to ____________
Question 46 options:
  Check for type of RAM
  Acquire processes or executables for further analysis.
  Make the management happy
  Run processes without any protection.

Question 47 (1 point) A ______ is a type of malware that embeds itself deep within an operating system.
Question 47 options:
  Rootkit
  Keystroke Logger
  Memory Injection
  Trojan Horse

Question 48 (1 point) Which of these is NOT a Windows registry hive?
Question 48 options:
  SAM
  Software
  System
  Storage

Question 49 (1 point) What is NOT part of the network connections methodology?
Question 49 options:
  Process Name
  Associated Entities
  Check for Signs of a Rootkit
  Parent Process ID

Question 50 (1 point) A ______ is a library that contains code and data that can be used by more than one program at the same time.
Question 50 options:
  Registry
  Cache File
  Shadow File
  DLL

Question 51 (1 point) Complete restoration is not always the immediate goal. ________________ may be faster and allow the company to continue its mission.
Question 51 options:
  Erasing everything
  Hiring an IT firm
  Rebooting
  Partial Restoration

Question 52 (1 point) Cyber liability insurance could cover all of the following except:
Question 52 options:
  Cost of Informing Customer
  Retainer for an Incident Response Firm
  Cost of food for Incident responders
  Costs of restoring data

Question 53 (1 point) It is critical that the __________ of the incident be determined before recovery begins.
Question 53 options:
  Malicious actor
  Open Ports
  Root cause
  Software used

Question 54 (1 point) A _____________ provides guidance on how incident responders will communicate during an incident.
Question 54 options:
  Mission Statement
  Guidance Document
  Communications Plan
  Backup Recovery Plan

Question 55 (1 point) Recovery operations may alert the adversary that they have been detected. The IR team may need to ______________________.
Question 55 options:
  Increase the level of monitoring
  Avoid restoring operations until they are sure they will not alert the adversary
  Determine who the adversary is
  Deploy new technologies

Question 56 (1 point) System administrator accounts should be ________________
Question 56 options:
  assigned to all executives
  disabled
  allowed to use single factor authentication
  verified as accurate

Question 57 (1 point) ____________ is an open-source network intrusion prevention system, capable of performing real-time traffic analysis and packet logging on IP networks.
Question 57 options:
  Snort
  Nessus
  Wireshark
  Yara

Question 58 (1 point) ______________ represents the implementation of a more permanent fix, after the containment phase.
Question 58 options:
  Root Cause Determination
  Reinstallation
  Eradication
  Backup Recovery

Question 59 (1 point) _______________ is a tool designed to help malware researchers identify and classify malware samples.
Question 59 options:
  Nessus
  Snort
  Yara
  Wireshark

Question 60 (1 point) When patching systems, _____________
Question 60 options:
  Automatic may not be enough, you may have to manually patch.
  Start with the systems closest to the Internet first
  If a patch doesn't exist, take the system off line
  Automatic patching will always work.

Question 61 (1 point) What is NOT part of a forensic report?
Question 61 options:
  Exhibit List
  Opinion
  Tools Used
  Examiner Biography/CV

Question 62 (1 point) Sources of information that can be considered when compiling your Incident Report include all of the following EXCEPT:
Question 62 options:
  Applications
  Conversations between IT personnel
  Personal Observations
  Outputs of Forensic Tools

Question 63 (1 point) When detailing the containment actions, it is important to detail _________________________
Question 63 options:
  whether those actions were effective.
  Why containment was necessary
  What website you got those actions from
  the version of the software found on the server

Question 64 (1 point) Which of the Written Reports is considered the most technical?
Question 64 options:
  Incident Report
  Executive Summary
  CSIRT Report
  Forensic Report

Question 65 (1 point) The meat of the written incident report should be the _______________
Question 65 options:
  Network Overview
  Containment Actions
  Root cause analysis
  Events Timeline