A company executive’s laptop was compromised, leading to a security breach. The laptop was placed into
storage by a junior system administrator and was subsequently wiped and re-imaged. When it was
determined that the authorities would need to be involved, there was little evidence to present to the
investigators. Which of the following procedures could have been implemented to aid the authorities in
their investigation?

A company has recently allowed employees to take advantage of BYOD by installing WAPs throughout the
corporate office. An employee, Joe, has recently begun to view inappropriate material at work using his
personal laptop. When confronted, Joe indicated that he was never told that he could not view that typeof material on his personal laptop. Which of the following should the company have employees
acknowledge before allowing them to access the corporate WLAN with their personal devices?

A company has two server administrators that work overnight to apply patches to minimize disruption to
the company. With the limited working staff, a security engineer performs a risk assessment to ensure
the protection controls are in place to monitor all assets including the administrators in case of an
emergency. Which of the following should be in place?

A company’s Chief Information Officer realizes the company cannot continue to operate after a disaster.
Which of the following describes the disaster?

Ann, the Chief Technology Officer (CTO), has agreed to allow users to bring their own device (BYOD) in
order to leverage mobile technology without providing every user with a company owned device. She is
concerned that users may not understand the company’s rules, and she wants to limit potential legal
concerns. Which of the following is the CTO concerned with?

Which of the following malware types may require user interaction, does not hide itself, and is commonly
identified by marketing pop-ups based on browsing habits?

A security administrator discovers that an attack has been completed against a node on the corporate
network. All available logs were collected and stored.
You must review all network logs to discover the scope of the attack, check the box of the node(s) that
have been compromised and drag and drop the appropriate actions to complete the incident response on
the network. The environment is a critical production environment; perform the LEAST disruptive actions
on the network, while still performing the appropriate incident responses.
Instructions: The web server, database server, IDS, and User PC are clickable. Check the box of the
node(s) that have been compromised and drag and drop the appropriate actions to complete the incident
response on the network. Not all actions may be used, and order is not important. If at anytime you
would like to bring back the initial state of the simulation, please select the Reset button. When you have
completed the simulation, please select the Done button to submit. Once the simulation is submitted,
please select the Next button to continue.

A program has been discovered that infects a critical Windows system executable and stays dormant in
memory. When a Windows mobile phone is connected to the host, the program infects the phone’s boot
loader and continues to target additional Windows PCs or phones. Which of the following malware
categories BEST describes this program?

A user casually browsing the Internet is redirected to a warez site where a number of pop-ups appear.
After clicking on a pop-up to complete a survey, a drive-by download occurs. Which of the following is
MOST likely to be contained in the download?

Which of the following malware types typically allows an attacker to monitor a user’s computer, is
characterized by a drive-by download, and requires no user interaction?