Avant-garde 212-89 Guidance 2021

Certleader offers a free demo for the 212-89 exam. "EC Council Certified Incident Handler (ECIH v2)", also known as the 212-89 exam, is an EC-Council certification. This set of posts, Passing the EC-Council 212-89 exam, will help you answer those questions. The 212-89 Questions & Answers cover all the knowledge points of the real exam. 100% real EC-Council 212-89 exam questions, revised by experts!

EC-Council 212-89 Free Dumps Questions Online, Read and Test Now.

NEW QUESTION 1
_____ record(s) user’s typing.

  • A. Spyware
  • B. Adware
  • C. Virus
  • D. Malware

Answer: A

NEW QUESTION 2
Removing or eliminating the root cause of the incident is called:

  • A. Incident Eradication
  • B. Incident Protection
  • C. Incident Containment
  • D. Incident Classification

Answer: A

NEW QUESTION 3
Multiple component incidents consist of a combination of two or more attacks in a system. Which of the following is not a multiple component incident?

  • A. An insider intentionally deleting files from a workstation
  • B. An attacker redirecting a user to a malicious website and infecting their system with a Trojan
  • C. An attacker infecting a machine to launch a DDoS attack
  • D. An attacker using email with malicious code to infect an internal workstation

Answer: A

NEW QUESTION 4
Electronic evidence may reside in the following:

  • A. Data Files
  • B. Backup tapes
  • C. Other media sources
  • D. All of the above

Answer: D

NEW QUESTION 5
A risk mitigation strategy determines the circumstances under which an action has to be taken to minimize and overcome risks. Identify the risk mitigation strategy that focuses on minimizing the probability of risk and losses by searching for vulnerabilities in the system and appropriate controls:

  • A. Risk Assumption
  • B. Research and acknowledgment
  • C. Risk limitation
  • D. Risk absorption

Answer: B

NEW QUESTION 6
The typical correct sequence of activities used by CSIRT when handling a case is:

  • A. Log, inform, maintain contacts, release information, follow up and reporting
  • B. Log, inform, release information, maintain contacts, follow up and reporting
  • C. Log, maintain contacts, inform, release information, follow up and reporting
  • D. Log, maintain contacts, release information, inform, follow up and reporting

Answer: A

NEW QUESTION 7
The USB tool (depicted below) that is connected to a male USB keyboard cable and is not detected by anti-spyware tools is most likely called:
[Exhibit: 212-89 dumps exhibit image]

  • A. Software Key Grabber
  • B. Hardware Keylogger
  • C. USB adapter
  • D. Anti-Keylogger

Answer: B

NEW QUESTION 8
What command does a Digital Forensic Examiner use to display the list of all IP addresses and their associated MAC addresses on a victim computer to identify the machines that were communicating with it:

  • A. “arp” command
  • B. “netstat -an” command
  • C. “dd” command
  • D. “ifconfig” command

Answer: A

NEW QUESTION 9
Insiders understand corporate business functions. What is the correct sequence of activities performed by insiders to damage company assets?

  • A. Gain privileged access, install malware then activate
  • B. Install malware, gain privileged access, then activate
  • C. Gain privileged access, activate and install malware
  • D. Activate malware, gain privileged access then install malware

Answer: A

NEW QUESTION 10
Insider threats can be detected by observing concerning behaviors exhibited by insiders, such as conflicts with supervisors and coworkers, decline in performance, tardiness or unexplained absenteeism. Select the technique that helps in detecting insider threats:

  • A. Correlating known patterns of suspicious and malicious behavior
  • B. Protecting computer systems by implementing proper controls
  • C. Making it compulsory for employees to sign a non-disclosure agreement
  • D. Categorizing information according to its sensitivity and access rights

Answer: A

NEW QUESTION 11
Which of the following may be considered as insider threat(s):

  • A. An employee having no clashes with supervisors and coworkers
  • B. Disgruntled system administrators
  • C. An employee who gets an annual 7% salary raise
  • D. An employee with insignificant technical literacy and business process knowledge

Answer: B

NEW QUESTION 12
Which of the following is correct about Quantitative Risk Analysis?

  • A. It is subjective but faster than Qualitative Risk Analysis
  • B. Easily automated
  • C. Better than Qualitative Risk Analysis
  • D. Uses levels and descriptive expressions

Answer: B

NEW QUESTION 13
If the anticipated loss is greater than the agreed-upon threshold, the organization will:

  • A. Accept the risk
  • B. Mitigate the risk
  • C. Accept the risk but after management approval
  • D. Do nothing

Answer: B

NEW QUESTION 14
Identify the network security incident in which legitimate, authorized users are prevented from using a system, network, or application by flooding the network with a high volume of traffic that consumes all available network resources.

  • A. URL Manipulation
  • B. XSS Attack
  • C. SQL Injection
  • D. Denial of Service Attack

Answer: D

NEW QUESTION 15
Which of the following service(s) is provided by the CSIRT:

  • A. Vulnerability handling
  • B. Technology watch
  • C. Development of security tools
  • D. All of the above

Answer: D

NEW QUESTION 16
In the NIST risk assessment methodology, the process of identifying the boundaries of an IT system along with the resources and information that constitute the system is known as:

  • A. Asset Identification
  • B. System characterization
  • C. Asset valuation
  • D. System classification

Answer: B

NEW QUESTION 17
The region the CSIRT is bound to serve, together with the group it provides services to, is known as its:

  • A. Consistency
  • B. Confidentiality
  • C. Constituency
  • D. None of the above

Answer: C

NEW QUESTION 18
An incident is analyzed for its nature, intensity and its effects on the network and systems. Which stage of the incident response and handling process involves auditing the system and network log files?

  • A. Incident recording
  • B. Reporting
  • C. Containment
  • D. Identification

Answer: D

NEW QUESTION 19
Which of the following is NOT a digital forensic analysis tool:

  • A. AccessData FTK
  • B. EAR/Pilar
  • C. Guidance Software EnCase Forensic
  • D. Helix

Answer: B

NEW QUESTION 20
Identify a standard national process which establishes a set of activities, general tasks and a management structure to certify and accredit systems that will maintain the information assurance (IA) and security posture of a system or site.

  • A. NIASAP
  • B. NIAAAP
  • C. NIPACP
  • D. NIACAP

Answer: D

NEW QUESTION 21
The correct order or sequence of the Computer Forensic processes is:

  • A. Preparation, analysis, examination, collection, and reporting
  • B. Preparation, collection, examination, analysis, and reporting
  • C. Preparation, examination, collection, analysis, and reporting
  • D. Preparation, analysis, collection, examination, and reporting

Answer: B

NEW QUESTION 22
Agencies do NOT report an information security incident because they:

  • A. Are afraid of negative publicity
  • B. Have full knowledge about how to handle the attack internally
  • C. Do not want to pay the additional cost of reporting an incident
  • D. All of the above

Answer: A

NEW QUESTION 23
The largest number of cyber-attacks are conducted by:

  • A. Insiders
  • B. Outsiders
  • C. Business partners
  • D. Suppliers

Answer: B

NEW QUESTION 24
......

P.S. Easily pass the 212-89 exam with the 163-question Certifytools dumps (PDF version). Download the newest Certifytools 212-89 dumps here: https://www.certifytools.com/212-89-exam.html (163 New Questions)