Which two elements are part of the eradication phase for this incident?
A security team detected an above-average amount of inbound tcp/135 connection attempts from unidentified senders. The security team is responding based on their incident response playbook. Which two elements are part of the eradication phase for this incident? (Choose two.)A . anti-malware softwareB . data and workload isolationC . centralized...
Which two actions should the engineer take?
An engineer is investigating a ticket from the accounting department in which a user discovered an unexpected application on their workstation. Several alerts are seen from the intrusion detection system of unknown outgoing internet traffic from this workstation. The engineer also notices a degraded processing capability, which complicates the analysis...
What is the steganography anti-forensics technique?
What is the steganography anti-forensics technique?A . hiding a section of a malicious file in unused areas of a fileB . changing the file header of a malicious file to another file typeC . sending malicious files over a public network by encapsulationD . concealing malicious files in ordinary or...
Which filter did the engineer apply to sort the Wireshark traffic logs?
Refer to the exhibit. A network engineer is analyzing a Wireshark file to determine the HTTP request that caused the initial Ursnif banking Trojan binary to download. Which filter did the engineer apply to sort the Wireshark traffic logs?A . http.request.un matchesB . tls.handshake.type ==1C . tcp.port eq 25D ....
Which scripts will search a log file for the IP address of 192.168.100.100 and create an output file named parsed_host.log while printing results to the console?
Which scripts will search a log file for the IP address of 192.168.100.100 and create an output file named parsed_host.log while printing results to the console? A) B) C) D) A . Option AB . Option BC . Option CD . Option DView AnswerAnswer: A
What is the IOC threat and URL in this STIX JSON snippet?
Refer to the exhibit. What is the IOC threat and URL in this STIX JSON snippet?A . malware; ‘http://x4z9arb.cn/4712/’B . malware; x4z9arb backdoorC . x4z9arb backdoor; http://x4z9arb.cn/4712/D . malware; malware--162d917e-766f-4611-b5d6-652791454fcaE . stix; ‘http://x4z9arb.cn/4712/’View AnswerAnswer: D
What is a concern for gathering forensics evidence in public cloud environments?
What is a concern for gathering forensics evidence in public cloud environments?A . High Cost: Cloud service providers typically charge high fees for allowing cloud forensics.B . Configuration: Implementing security zones and proper network segmentation.C . Timeliness: Gathering forensics evidence from cloud service providers typically requires substantial time.D . Multitenancy:...
What is the transmogrify anti-forensics technique?
What is the transmogrify anti-forensics technique?A . hiding a section of a malicious file in unused areas of a fileB . sending malicious files over a public network by encapsulationC . concealing malicious files in ordinary or unsuspecting placesD . changing the file header of a malicious file to another...
Which tool conducts memory analysis?
Which tool conducts memory analysis?A . MemDumpB . Sysinternals AutorunsC . VolatilityD . MemoryzeView AnswerAnswer: C Explanation: Reference: https://resources.infosecinstitute.com/topic/memory-forensics-and-analysis-using-volatility/
What should an engineer determine from this Wireshark capture of suspicious network traffic?
Refer to the exhibit. What should an engineer determine from this Wireshark capture of suspicious network traffic?A . There are signs of SYN flood attack, and the engineer should increase the backlog and recycle the oldest half-open TCP connections.B . There are signs of a malformed packet attack, and the...