Which of the following does this illustrate?
Computer evidence at a crime scene is documented with a tag stating who had possession of the
evidence at a given time.
Which of the following does this illustrate?
which of the following is likely to be an issue with this incident?
A compromised workstation utilized in a Distributed Denial of Service (DDOS) attack has been removed
from the network and an image of the hard drive has been created. However, the system administrator
stated that the system was left unattended for several hours before the image was created. In the event
of a court case, which of the following is likely to be an issue with this incident?
Which of the following forensic procedures is involved?
The security manager received a report that an employee was involved in illegal activity and has saved
data to a workstation’s hard drive. During the investigation, local law enforcement’s criminal division
confiscates the hard drive as evidence. Which of the following forensic procedures is involved?
Which of the following is the MOST important step for preserving evidence during forensic procedures?
Which of the following is the MOST important step for preserving evidence during forensic procedures?
which of the following phases of the Incident Response process should a security administrator define and impl
During which of the following phases of the Incident Response process should a security administrator
define and implement general defense against malware?
Which of the following stages of the Incident Handling process is the team working on?
The Chief Technical Officer (CTO) has tasked The Computer Emergency Response Team (CERT) to develop
and update all Internal Operating Procedures and Standard Operating Procedures documentation in
order to successfully respond to future incidents. Which of the following stages of the Incident Handling
process is the team working on?
Which of the following phases of incident response is MOST appropriate as a FIRST response?
The helpdesk reports increased calls from clients reporting spikes in malware infections on their systems.
Which of the following phases of incident response is MOST appropriate as a FIRST response?
Who should be contacted FIRST in the event of a security breach?
Who should be contacted FIRST in the event of a security breach?
which of the following steps of incident response does a team analyse the incident and determine steps to prev
In which of the following steps of incident response does a team analyse the incident and determine
steps to prevent a future occurrence?
which of the following types of risk mitigation strategies?
After a recent security breach, the network administrator has been tasked to update and backup all
router and switch configurations. The security administrator has been tasked to enforce stricter security
policies. All users were forced to undergo additional user awareness training. All of these actions are due
to which of the following types of risk mitigation strategies?