Which of the following is the MOST likely reason why the incident response team is unable to identify and corr
The incident response team has received the following email message.
From: monitor@ext-company.com
To: security@company.com
Subject: Copyright infringement
A copyright infringement alert was triggered by IP address 13.10.66.5 at 09:50:01 GMT.
After reviewing the following web logs for IP 13.10.66.5, the team is unable to correlate and
identify the incident.
09:45:33 13.10.66.5 http://remote.site.com/login.asp?user=john
09:50:22 13.10.66.5 http://remote.site.com/logout.asp?user=anne
10:50:01 13.10.66.5 http://remote.site.com/access.asp?file=movie.mov
11:02:45 13.10.65.5 http://remote.site.com/download.asp?movie.mov=ok
Which of the following is the MOST likely reason why the incident response team is unable to
identify and correlate the incident?
Which of the following incident response procedures is best suited to restore the server?
A server dedicated to the storage and processing of sensitive information was compromised with a
rootkit and sensitive data was exfiltrated. Which of the following incident response procedures is
best suited to restore the server?
which is difficult to reverse engineer in a virtual lab?
Which of the following describes a type of malware which is difficult to reverse engineer in a virtual
lab?
Which of the following attacks has MOST likely occurred?
Using a heuristic system to detect an anomaly in a computer’s baseline, a system administrator
was able to detect an attack even though the company's signature-based IDS and antivirus did not
detect it. Further analysis revealed that the attacker had downloaded an executable file onto the
company PC from the USB port, and executed it to trigger a privilege escalation flaw.
Which of the following attacks has MOST likely occurred?
Which of the following can a security technician implement to ensure that documents stored on Joe’s desktop
After copying a sensitive document from his desktop to a flash drive, Joe, a user, realizes that the
document is no longer encrypted. Which of the following can a security technician implement to
ensure that documents stored on Joe’s desktop remain encrypted when moved to external media
or other network-based storage?
Which of the following implements the required secure key negotiation?
A security administrator must implement a system to allow clients to securely negotiate encryption
keys with the company’s server over a public unencrypted communication channel. Which of the
following implements the required secure key negotiation? (Select TWO).
Which of the following MUST be considered prior to sending data to a third party?
Acme Corp has selectively outsourced proprietary business processes to ABC Services. Due to
some technical issues, ABC Services wants to send some of Acme Corp’s debug data to a third-
party vendor for problem resolution. Which of the following MUST be considered prior to sending
data to a third party?
Which of the following types of authentication mechanism is this?
An organization has introduced token-based authentication to system administrators due to risk of
password compromise. The tokens have a set of numbers that automatically change every 30
seconds. Which of the following types of authentication mechanism is this?
Which of the following will BEST mitigate the risk if implemented on the switches?
A security technician at a small business is worried about the Layer 2 switches in the network
suffering from a DoS-style attack caused by staff incorrectly cabling network connections between
switches. Which of the following will BEST mitigate the risk if implemented on the switches?
Which of the following antennas would be BEST for this situation?
An administrator wants to establish a WiFi network using a high-gain directional antenna with a
narrow radiation pattern to connect two buildings separated by a very long distance. Which of the
following antennas would be BEST for this situation?