Joe, a security administrator, is concerned with users tailgating into the restricted areas. Given a limited
budget, which of the following would BEST assist Joe with detecting this activity?
The incident response team has received the following email message.
From: monitor@ext-company.com
To: security@company.com
Subject: Copyright infringement
A copyright infringement alert was triggered by IP address 13.10.66.5 at 09:50:01 GMT.
After reviewing the following web logs for IP 13.10.66.5, the team is unable to correlate and identify the
incident.
09:45:33 13.10.66.5 http://remote.site.com/login.asp?user=john
09:50:22 13.10.66.5 http://remote.site.com/logout.asp?user=anne
10:50:01 13.10.66.5 http://remote.site.com/access.asp?file=movie.mov
11:02:45 13.10.65.5 http://remote.site.com/download.asp?movie.mov=ok
Which of the following is the MOST likely reason why the incident response team is unable to identify and
correlate the incident?
A system administrator is responding to a legal order to turn over all logs from all company servers. The
system administrator records the system time of all servers to ensure that:
A recent intrusion has resulted in the need to perform incident response procedures. The incident
response team has identified audit logs throughout the network and organizational systems which hold
details of the security breach. Prior to this incident, a security consultant informed the company that they
needed to implement an NTP server on the network. Which of the following is a problem that the
incident response team will likely encounter during their assessment?
Computer evidence at a crime scene is documented with a tag stating who had possession of the
evidence at a given time.
Which of the following does this illustrate?
A compromised workstation utilized in a Distributed Denial of Service (DDoS) attack has been removed
from the network and an image of the hard drive has been created. However, the system administrator
stated that the system was left unattended for several hours before the image was created. In the event
of a court case, which of the following is likely to be an issue with this incident?
The security manager received a report that an employee was involved in illegal activity and has saved
data to a workstation’s hard drive. During the investigation, local law enforcement’s criminal division
confiscates the hard drive as evidence. Which of the following forensic procedures is involved?
Which of the following is the MOST important step for preserving evidence during forensic procedures?
During which of the following phases of the Incident Response process should a security administrator
define and implement general defense against malware?
The Chief Technical Officer (CTO) has tasked the Computer Emergency Response Team (CERT) to develop
and update all Internal Operating Procedures and Standard Operating Procedures documentation in
order to successfully respond to future incidents. Which of the following stages of the Incident Handling
process is the team working on?