Which of the following actions should be done by the incident response team after completing the recovery phase of the cyber incident caused by malware?
A government organization responsible for critical infrastructure is being attacked and files on the server have been deleted. Which of the following are the most immediate communications that should be made regarding the incident? (Choose two.)
An organization was recently hit with a ransomware attack that encrypted critical documents and files that were stored on the corporate file server. Which of the following provides the organization with the BEST chance for recovering their data?
According to Payment Card Industry Data Security Standard (PCI DSS) compliance requirements, an organization must retain logs for what length of time?
Which of the following security best practices should a web developer reference when developing a new web-based application?
Which term best describes an asset's susceptibility to damage or loss due to a threat?
A system administrator has been tasked with developing highly detailed instructions for patching managed assets using the corporate patch management solution. These instructions are an example of which of the following?
Which of the following digital forensic goals is being provided with hashing and time-stamping of the electronic evidence?
After successfully enumerating the target, the hacker determines that the victim is using a firewall. Which of the following techniques would allow the hacker to bypass the intrusion prevention system (IPS)?
Which of the following characteristics of a web proxy strengthens cybersecurity? (Choose two.)
Which of the following types of attackers would be MOST likely to use multiple zero-day exploits executed against high-value, well-defended targets for the purposes of espionage and sabotage?
The "right to be forgotten" is considered a core tenet of which of the following privacy-focused acts or regulations?
Organizations considered “covered entities” are required to adhere to which compliance requirement?
What are the two most appropriate binary analysis techniques to use in digital forensics analysis? (Choose two.)
An incident responder was asked to analyze malicious traffic. Which of the following tools would be BEST for this?
Which three answer options are password attack methods and techniques? (Choose three.)
Which two answer options correctly highlight the difference between static and dynamic binary analysis techniques? (Choose two.)
Which of the following regulations is most applicable to a public utility provider operating in the United States?
When attempting to determine which system or user is generating excessive web traffic, analysis of which of the following would provide the BEST results?
An administrator investigating intermittent network communication problems has identified an excessive amount of traffic from an external-facing host to an unknown location on the Internet. Which of the following BEST describes what is occurring?
A security administrator needs to review events from different systems located worldwide. Which of the following is MOST important to ensure that logs can be effectively correlated?
Which of the following are common areas of vulnerabilities in a network switch? (Choose two.)
Vulnerability scanners generally classify vulnerabilities by which of the following? (Choose two.)
An incident responder discovers that the CEO logged in from their New York City office and then logged in from a location in Beijing an hour later. The incident responder suspects that the CEO’s account has been compromised. Which of the following anomalies MOST likely contributed to the incident responder’s suspicion?
It was recently discovered that many of an organization’s servers were running unauthorized cryptocurrency mining software. Which of the following assets were being targeted in this attack? (Choose two.)
An organization that recently suffered a ransomware attack found that its backups were faulty. Which of the following steps could BEST ensure reliable backups in the future?
A system administrator identifies unusual network traffic from outside the local network. Which of the following is the BEST method for mitigating the threat?
Which two options represent the most basic methods for designing a DMZ network firewall? (Choose two.)
A Linux administrator is trying to determine the character count on many log files. Which of the following command and flag combinations should the administrator use?
A security analyst is required to collect detailed network traffic on a virtual machine. Which of the following tools could the analyst use?
Which of the following is the FIRST step taken to maintain the chain of custody in a forensic investigation?
Recently, a cybersecurity research lab discovered that there is a hacking group focused on hacking into the computers of financial executives in Company A to sell the exfiltrated information to Company B. Which of the following threat motives does this MOST likely represent?
Which of the following is the GREATEST risk of having security information and event management (SIEM) collect computer names with older log entries?
Which of the following types of digital evidence is considered the MOST volatile?
Which two answer options are the BEST reasons to conduct post-incident reviews after an incident occurs in an organization? (Choose two.)
A Linux system administrator found suspicious activity on host IP 192.168.10.121. This host is also establishing a connection to IP 88.143.12.123. Which of the following commands should the administrator use to capture only the traffic between the two hosts?
Which three disk image formats are used for evidence collection and preservation? (Choose three.)
Which three tools are used for integrity verification of files? (Choose three.)
What is the primary purpose of the "information security incident triage and processing function" in the Computer Security Incident Response Team (CSIRT) Services Framework?
Which asset would be the MOST desirable for a financially motivated attacker to obtain from a health insurance company?
After imaging a disk as part of an investigation, a forensics analyst wants to hash the image using a tool that supports piecewise hashing. Which of the following tools should the analyst use?
A common formula used to calculate risk is: _____ + Threats + Vulnerabilities = Risk. Which of the following represents the missing factor in this formula?
Which of the following plans helps IT security staff detect, respond to, and recover from a cyber attack?