Which of the following represents the BEST approach to gathering the required data?
A security technician wishes to gather and analyze all Web traffic during a particular time period.
Which of the following represents the BEST approach to gathering the required data?
Which of the following types of controls is being used?
A forensic analyst is reviewing electronic evidence after a robbery. Security cameras installed at
the site were facing the wrong direction to capture the incident. The analyst ensures the cameras
are turned to face the proper direction. Which of the following types of controls is being used?
which of the following would BEST assist Joe with detecting this activity?
Joe, a security administrator, is concerned with users tailgating into the restricted areas. Given a
limited budget, which of the following would BEST assist Joe with detecting this activity?
Which of the following is the MOST likely reason why the incident response team is unable to identify and corr
The incident response team has received the following email message.
From: monitor@ext-company.com
To: security@company.com
Subject: Copyright infringement
A copyright infringement alert was triggered by IP address 13.10.66.5 at 09: 50: 01 GMT.
After reviewing the following web logs for IP 13.10.66.5, the team is unable to correlate and
identify the incident.
09: 45: 33 13.10.66.5 http: //remote.site.com/login.asp?user=john
09: 50: 22 13.10.66.5 http: //remote.site.com/logout.asp?user=anne
10: 50: 01 13.10.66.5 http: //remote.site.com/access.asp?file=movie.mov
11: 02: 45 13.10.65.5 http: //remote.site.com/download.asp?movie.mov=ok
Which of the following is the MOST likely reason why the incident response team is unable to
identify and correlate the incident?
The system administrator records the system time of all servers to ensure that:
A system administrator is responding to a legal order to turn over all logs from all company
servers. The system administrator records the system time of all servers to ensure that:
Which of the following is a problem that the incident response team will likely encounter during their assessm
A recent intrusion has resulted in the need to perform incident response procedures. The incident
response team has identified audit logs throughout the network and organizational systems which
hold details of the security breach. Prior to this incident, a security consultant informed the
company that they needed to implement an NTP server on the network. Which of the following is a
problem that the incident response team will likely encounter during their assessment?
Which of the following does this illustrate?
Computer evidence at a crime scene is documented with a tag stating who had possession of the
evidence at a given time.
Which of the following does this illustrate?
which of the following is likely to be an issue with this incident?
A compromised workstation utilized in a Distributed Denial of Service (DDOS) attack has been
removed from the network and an image of the hard drive has been created. However, the system
administrator stated that the system was left unattended for several hours before the image was
created. In the event of a court case, which of the following is likely to be an issue with this
incident?
Which of the following forensic procedures is involved?
The security manager received a report that an employee was involved in illegal activity and has
saved data to a workstation’s hard drive. During the investigation, local law enforcement’s criminal
division confiscates the hard drive as evidence. Which of the following forensic procedures is
involved?
Which of the following is the MOST important step for preserving evidence during forensic procedures?
Which of the following is the MOST important step for preserving evidence during forensic
procedures?