- All Exams Instant Download
According to the forensics investigation process, what is the next step carried out right after collecting the evidence?
According to the forensics investigation process, what is the next step carried out right after collecting the evidence?A . Create a Chain of Custody DocumentB . Send it to the nearby police stationC . Set a Forensic labD . Call Organizational Disciplinary TeamView AnswerAnswer: A
In which of the following incident handling and response stages, the root cause of the incident must be found from the forensic results?
In which of the following incident handling and response stages, the root cause of the incident must be found from the forensic results?A . Evidence GatheringB . Evidence HandlingC . EradicationD . Systems RecoveryView AnswerAnswer: A Explanation: Reference: https://www.eccouncil.org/wp-content/uploads/2019/02/ECIH-V2-Brochure.pdf
What is Ray and his team doing?
Ray is a SOC analyst in a company named Queens Tech. One Day, Queens Tech is affected by a DoS/DDoS attack. For the containment of this incident, Ray and his team are trying to provide additional bandwidth to the network devices and increasing the capacity of the servers. What is...
Which of the following data source can be used to detect the traffic associated with Bad Bot User-Agents?
Which of the following data source can be used to detect the traffic associated with Bad Bot User-Agents?A . Windows Event LogB . Web Server LogsC . Router LogsD . Switch LogsView AnswerAnswer: B
In which phase of Lockheed Martin's C Cyber Kill Chain Methodology, adversary creates a deliverable malicious payload using an exploit and a backdoor?
In which phase of Lockheed Martin's C Cyber Kill Chain Methodology, adversary creates a deliverable malicious payload using an exploit and a backdoor?A . ReconnaissanceB . DeliveryC . WeaponizationD . ExploitationView AnswerAnswer: C
What is the primary step that is advisable to Bonney in order to contain the malware incident from spreading?
Bonney's system has been compromised by a gruesome malware. What is the primary step that is advisable to Bonney in order to contain the malware incident from spreading?A . Complaint to police in a formal way regarding the incidentB . Turn off the infected machineC . Leave it to the...
What does this event log indicate?
Rinni, SOC analyst, while monitoring IDS logs detected events shown in the figure below. What does this event log indicate?A . Directory Traversal AttackB . XSS AttackC . SQL Injection AttackD . Parameter Tampering AttackView AnswerAnswer: D Explanation: Reference: https://infosecwriteups.com/what-is-parameter-tampering-5b1beb12c5ba
What filter should Peter add to the 'show logging' command to get the required output?
Peter, a SOC analyst with Spade Systems, is monitoring and analyzing the router logs of the company and wanted to check the logs that are generated by access control list numbered 210. What filter should Peter add to the 'show logging' command to get the required output?A . show logging...
Which of the following command is used to enable logging in iptables?
Which of the following command is used to enable logging in iptables?A . $ iptables -B INPUT -j LOGB . $ iptables -A OUTPUT -j LOGC . $ iptables -A INPUT -j LOGD . $ iptables -B OUTPUT -j LOGView AnswerAnswer: B Explanation: Reference: https://tecadmin.net/enable-logging-in-iptables-on-linux/
What is the first step that the IRT will do to the incident escalated by Emmanuel?
Emmanuel is working as a SOC analyst in a company named Tobey Tech. The manager of Tobey Tech recently recruited an Incident Response Team (IRT) for his company. In the process of collaboration with the IRT, Emmanuel just escalated an incident to the IRT. What is the first step that...
