Why would an incident handler acquire memory on a system being investigated?

A. To determine whether a malicious DLL has been injected into an application
B. To identify whether a program is set to auto-run through a registry hook
C. To list which services are installed on the system
D. ...

August 1, 2020

Before re-assigning a computer to a new employee, what data security technique does the IT department use to make sure no data is left behind by the previous user?

A. Fingerprinting
B. Digital watermarking
C. Baselining
D. Wiping
Answer: D

August 1, 2020

Why might an administrator not be able to delete a file using the Windows del command without specifying additional command line switches?

A. Because it has the read-only attribute set
B. Because it is encrypted
C. Because it has the nodel attribute set
D. Because it is an executable file

July 31, 2020

Which tool uses a Snort rules file for input and by design triggers Snort alerts?

A. snot
B. stick
C. Nidsbench
D. ftester
Answer: C

July 31, 2020

What feature of Wireshark allows the analysis of one HTTP conversation?

A. Follow UDP Stream
B. Follow TCP Stream
C. Conversation list > IPV4
D. Setting a display filter to 'tcp'
Answer: B
Explanation: Follow TCP Stream is a feature of Wireshark that allows the analysis of a single TCP...

July 30, 2020

An incident response team is handling a worm infection among their user workstations. They created an IPS signature to detect and block worm activity on the border IPS, then removed the worm's artifacts on workstations triggering the rule. Despite this action, worm activity continued for days after. Where did the incident response team fail?


July 30, 2020

Which Unix administration tool is designed to monitor configuration changes to Cisco, Extreme and Foundry infrastructure devices?

A. SNMP
B. Netflow
C. RANCID
D. RMON
Answer: C
Explanation: RANCID is a Unix tool which can be used to monitor changes to the following networked devices and more: IOS, CatOS, PIX,...

July 30, 2020

Of the following pieces of digital evidence, which would be collected FIRST from a live system involved in an incident?

A. Event logs from a central repository
B. Directory listing of system files
C. Media in the CD-ROM drive
D. Swap space and page files
Answer: D
Explanation: Best practices...

July 29, 2020

Which technology standards or protocols would meet these requirements?

A company wants to allow only company-issued devices to attach to the wired and wireless networks. Additionally, devices that are not up-to-date with OS patches need to be isolated from the rest of the network until they are updated. Which technology standards or protocols would meet these requirements?
A. 802.1x...

July 29, 2020

To detect worms and viruses buried deep within a network packet payload, Gigabytes worth of traffic content entering and exiting a network must be checked with which of the following technologies?

A. Proxy matching
B. Signature matching
C. Packet matching
D. Irregular expression matching
E. Object matching
Answer: C

July 28, 2020