Which of the following does this illustrate?
Computer evidence at a crime is preserved by making an exact copy of the hard disk. Which of the
following does this illustrate?
which of the following steps should be performed FIRST?
To ensure proper evidence collection, which of the following steps should be performed FIRST?
Which of the following will allow for faster imaging to a second hard drive?
A security administrator needs to image a large hard drive for forensic analysis. Which of the
following will allow for faster imaging to a second hard drive?
Which of the following will allow for faster imaging to a second hard drive?
A security administrator needs to image a large hard drive for forensic analysis. Which of the
following will allow for faster imaging to a second hard drive?
Which of the following represents the BEST approach to gathering the required data?
A security technician wishes to gather and analyze all Web traffic during a particular time period.
Which of the following represents the BEST approach to gathering the required data?
Which of the following types of controls is being used?
A forensic analyst is reviewing electronic evidence after a robbery. Security cameras installed at
the site were facing the wrong direction to capture the incident. The analyst ensures the cameras
are turned to face the proper direction. Which of the following types of controls is being used?
Which of the following types of controls is being used?
A forensic analyst is reviewing electronic evidence after a robbery. Security cameras installed at
the site were facing the wrong direction to capture the incident. The analyst ensures the cameras
are turned to face the proper direction. Which of the following types of controls is being used?
which of the following would BEST assist Joe with detecting this activity?
Joe, a security administrator, is concerned with users tailgating into the restricted areas. Given a
limited budget, which of the following would BEST assist Joe with detecting this activity?
which of the following would BEST assist Joe with detecting this activity?
Joe, a security administrator, is concerned with users tailgating into the restricted areas. Given a
limited budget, which of the following would BEST assist Joe with detecting this activity?
Which of the following is the MOST likely reason why the incident response team is unable to identify and corr
The incident response team has received the following email message.
From: monitor@ext-company.com
To: security@company.com
Subject: Copyright infringement
A copyright infringement alert was triggered by IP address 13.10.66.5 at 09: 50: 01 GMT.
After reviewing the following web logs for IP 13.10.66.5, the team is unable to correlate and
identify the incident.
09: 45: 33 13.10.66.5 http: //remote.site.com/login.asp?user=john
09: 50: 22 13.10.66.5 http: //remote.site.com/logout.asp?user=anne
10: 50: 01 13.10.66.5 http: //remote.site.com/access.asp?file=movie.mov
11: 02: 45 13.10.65.5 http: //remote.site.com/download.asp?movie.mov=ok
Which of the following is the MOST likely reason why the incident response team is unable to
identify and correlate the incident?