Which of the following is the MOST likely reason why the incident response team is unable to identify and corr
The incident response team has received the following email message.
From: monitor@ext-company.com
To: security@company.com
Subject: Copyright infringement
A copyright infringement alert was triggered by IP address 13.10.66.5 at 09:50:01 GMT.
After reviewing the following web logs for IP 13.10.66.5, the team is unable to correlate and
identify the incident.
09:45:33 13.10.66.5 http://remote.site.com/login.asp?user=john
09:50:22 13.10.66.5 http://remote.site.com/logout.asp?user=anne
10:50:01 13.10.66.5 http://remote.site.com/access.asp?file=movie.mov
11:02:45 13.10.65.5 http://remote.site.com/download.asp?movie.mov=ok
Which of the following is the MOST likely reason why the incident response team is unable
to identify and correlate the incident?
Which of the following incident response procedures is best suited to restore the server?
A server dedicated to the storage and processing of sensitive information was compromised
with a rootkit and sensitive data was exfiltrated. Which of the following incident response
procedures is best suited to restore the server?
which is difficult to reverse engineer in a virtual lab?
Which of the following describes a type of malware which is difficult to reverse engineer in a
virtual lab?
Which of the following attacks has MOST likely occurred?
Using a heuristic system to detect an anomaly in a computer’s baseline, a system
administrator was able to detect an attack even though the company's signature-based IDS
and antivirus did not detect it. Further analysis revealed that the attacker had downloaded an
executable file onto the company PC from the USB port, and executed it to trigger a privilege
escalation flaw. Which of the following attacks has MOST likely occurred?
Which of the following can a security technician implement to ensure that documents stored on Joe’s desktop
After copying a sensitive document from his desktop to a flash drive, Joe, a user, realizes
that the document is no longer encrypted. Which of the following can a security technician
implement to ensure that documents stored on Joe’s desktop remain encrypted when moved
to external media or other network-based storage?
Which of the following implements the required secure key negotiation?
A security administrator must implement a system to allow clients to securely negotiate
encryption keys with the company’s server over a public unencrypted communication
channel. Which of the following implements the required secure key negotiation? (Select
TWO).
Which of the following MUST be considered prior to sending data to a third party?
Acme Corp has selectively outsourced proprietary business processes to ABC Services.
Due to some technical issues, ABC Services wants to send some of Acme Corp’s debug
data to a third party vendor for problem resolution. Which of the following MUST be
considered prior to sending data to a third party?
Which of the following type of authentication mechanism is this?
An organization has introduced token-based authentication to system administrators due to
risk of password compromise. The tokens have a set of numbers that automatically change
every 30 seconds. Which of the following type of authentication mechanism is this?
Which of the following will BEST mitigate the risk if implemented on the switches?
A security technician at a small business is worried about the Layer 2 switches in the
network suffering from a DoS style attack caused by staff incorrectly cabling network
connections between switches. Which of the following will BEST mitigate the risk if
implemented on the switches?
Which of the following antennas would be BEST for this situation?
An administrator wants to establish a WiFi network using a high gain directional antenna with
a narrow radiation pattern to connect two buildings separated by a very long distance. Which
of the following antennas would be BEST for this situation?