Which of the following methods are used by attackers to find new ransomware victims? (Choose two.)
A. Web crawling
B. Distributed denial of service (DDoS) attack
C. Password guessing
D. Phishing
E. Brute force attack
Answer: D,E
Explanation: Reference: https://www.itproportal.com/features/the-four-most-popular-methods-hackers-use-to-spread-ransomware/
Which of the following commands could the investigator use to determine which files have been opened by this user?
A security investigator has detected an unauthorized insider reviewing files containing company secrets. Which of the following commands could the investigator use to determine which files have been opened by this user?
A. ls
B. lsof
C. ps
D. netstat
Answer: B
If a hacker is attempting to alter or delete system audit logs, in which of the following attack phases is the hacker involved?
A. Covering tracks
B. Expanding access
C. Gaining persistence
D. Performing reconnaissance
Answer: A
Explanation: Reference: https://resources.infosecinstitute.com/category/certifications-training/ethical-hacking/covering-tracks/log-tampering-101/#gref
Which of the following technologies could perform these steps automatically in the future?
A web server is under a denial of service (DoS) attack. The administrator reviews logs and creates an access control list (ACL) to stop the attack. Which of the following technologies could perform these steps automatically in the future?
A. Intrusion prevention system (IPS)
B. Intrusion detection system (IDS)
C....
Which of the following phases of the incident response process match the actions taken?
An incident at a government agency has occurred and the following actions were taken:
- Users have regained access to email accounts
- Temporary VPN services have been removed
- Host-based intrusion prevention system (HIPS) and antivirus (AV) signatures have been updated
- Temporary email servers have been decommissioned
Which...
Which of the following are legally compliant forensics applications that will detect an alternative data stream (ADS) or a file with an incorrect file extension? (Choose two.)
A. Disk duplicator
B. EnCase
C. dd
D. Forensic Toolkit (FTK)
E. Write blocker
Answer: B,D
Which of the following is MOST important to ensure that logs can be effectively correlated?
A security administrator needs to review events from different systems located worldwide. Which of the following is MOST important to ensure that logs can be effectively correlated?
A. Logs should be synchronized to their local time zone.
B. Logs should be synchronized to a common, predefined time source.
C. Logs...
Which of the following represents the BEST option for addressing this concern?
An incident response team is concerned with verifying the integrity of security information and event management (SIEM) events after being written to disk. Which of the following represents the BEST option for addressing this concern?
A. Time synchronization
B. Log hashing
C. Source validation
D. Field name consistency
Answer: A...
Detailed step-by-step instructions to follow during a security incident are considered:
A. Policies
B. Guidelines
C. Procedures
D. Standards
Answer: C
Which of the following does this statement BEST describe?
Senior management has stated that antivirus software must be installed on all employee workstations. Which of the following does this statement BEST describe?
A. Guideline
B. Procedure
C. Policy
D. Standard
Answer: C