1. What term is used for a sign that a threat actor may be preparing to attack an asset? CSIRT precursor indicator event incident incident handling 2. What term is used for the group of people who provide incident response services to an organization? precursor indicator event incident …
1. The definition of computer security incidents and related terms element is in which part of the incident response plan? policy plan procedure 2. The strategy and goals element is in which part of the incident response plan? plan procedure policy 3. The organizational structure and definition of …
1. What part of the Diamond Model represents the threat actor? adversary infrastructure direction capability result victim 2. What part of the Diamond Model represents the network path that is used for an exploit? adversary infrastructure direction capability result victim 3. What part of the Diamond Model represents …
1. In which step does the threat actor exploit the vulnerability and gain control of the target? reconnaissance action on objectives installation delivery exploitation 2. In which step is the weapon transmitted to the target through the use of a website, removable USB media, an email attachment, or …
1. Which type of evidence was indisputably in the possession of the accused? indirect evidence direct evidence corroborating evidence best evidence 2. Which type of evidence supports an assertion that is developed from best evidence? direct evidence indirect evidence corroborating evidence best evidence 3. Which type of evidence …
1. Which technique involves assessment and extraction of relevant information from collected data? reporting collection analysis examination 2. Which technique involves drawing conclusions from the data? examination analysis collection reporting 3. Which technique includes identification of potential sources of forensic data and acquisition, handling, and storage of …
1. Which type of alert would have no incident reported and no incident has occurred? false negative true negative true positive true negative 2. Which type of alert has happened when an alert is received, but no incident has occurred? true positive true negative false positive false negative …
1. What type of event occurs when malicious activity that can affect the availability, integrity and confidentiality of a host and its data occurs? Intrusion Host or Endpoint NetFlow Configuration Network Discovery Connection 2. What kind of event is logged when a host first appears on the network? …
1. What is used to generate and view full packet captures? NetFlow tcpdump Proxy Logs Syslog 2. What two values are part of all NetFlow flow records? (Choose two.) beginning timestamp full packet details ending timestamp DNS server requests application identifiers 3. What does Application Visibility and Control …
1. What Windows security level is logged when a remote login was unsuccessfully attempted by an unauthorized user? Error Fatal Warning Information Success Audit Failure Audit 2. What Windows security level is logged when a process that is required has successfully loaded on a workstation? Error Fatal Warning …