Place the items in the list below in the correct order in which the forensic analyst..
DRAG DROP
A forensic analyst is asked to respond to an ongoing network attack on a server. Place the items in the list
below in the correct order in which the forensic analyst should preserve them.
Which of the following does this illustrate?
Computer evidence at a crime is preserved by making an exact copy of the hard disk. Which of the
following does this illustrate?
which of the following steps should be performed FIRST?
To ensure proper evidence collection, which of the following steps should be performed FIRST?
Which of the following will allow for faster imaging to a second hard drive?
A security administrator needs to image a large hard drive for forensic analysis. Which of the following
will allow for faster imaging to a second hard drive?
Which of the following represents the BEST approach to gathering the required data?
A security technician wishes to gather and analyze all Web traffic during a particular time period.
Which of the following represents the BEST approach to gathering the required data?
Which of the following types of controls is being used?
A forensic analyst is reviewing electronic evidence after a robbery. Security cameras installed at the site
were facing the wrong direction to capture the incident. The analyst ensures the cameras are turned to
face the proper direction. Which of the following types of controls is being used?
which of the following would BEST assist Joe with detecting this activity?
Joe, a security administrator, is concerned with users tailgating into the restricted areas. Given a limited
budget, which of the following would BEST assist Joe with detecting this activity?
Which of the following is the MOST likely reason why the incident response team is unable to identify and corr
The incident response team has received the following email message.
From: monitor@ext-company.com
To: security@company.com
Subject: Copyright infringement
A copyright infringement alert was triggered by IP address 13.10.66.5 at 09: 50: 01 GMT.
After reviewing the following web logs for IP 13.10.66.5, the team is unable to correlate and identify the
incident.
09: 45: 33 13.10.66.5 http: //remote.site.com/login.asp?user=john
09: 50: 22 13.10.66.5 http: //remote.site.com/logout.asp?user=anne
10: 50: 01 13.10.66.5 http: //remote.site.com/access.asp?file=movie.mov
11: 02: 45 13.10.65.5 http: //remote.site.com/download.asp?movie.mov=okWhich of the following is the MOST likely reason why the incident response team is unable to identify and
correlate the incident?
The system administrator records the system time of all servers to ensure that:
A system administrator is responding to a legal order to turn over all logs from all company servers. The
system administrator records the system time of all servers to ensure that:
Which of the following is a problem that the incident response team will likely encounter during their assessm
A recent intrusion has resulted in the need to perform incident response procedures. The incident
response team has identified audit logs throughout the network and organizational systems which hold
details of the security breach. Prior to this incident, a security consultant informed the company that they
needed to implement an NTP server on the network. Which of the following is a problem that the
incident response team will likely encounter during their assessment?