Q1. Which description of a retrospective malware detection is true?
A. You use Wireshark to identify the malware source.
B. You use historical information from one or more sources to identify the affected host or file.
C. You use information from a network analyzer to identify the malware source.
D. You use Wireshark to identify the affected host or file.
Answer: B
Q2. In Microsoft Windows, as files are deleted, the space they were allocated is eventually considered available for use by other files. This creates alternating used and unused areas of various sizes. What is this called?
A. network file storing
B. free space fragmentation
C. alternate data streaming
D. defragmentation
Answer: A
Q3. Which information must be left out of a final incident report?
A. server hardware configurations
B. exploit or vulnerability used
C. impact and/or the financial loss
D. how the incident was detected
Answer: B
Q4. What mechanism does the Linux operating system provide to control access to files?
A. privileges required
B. user interaction
C. file permissions
D. access complexity
Answer: C
Q5. What is accomplished in the identification phase of incident handling?
A. determining the responsible user
B. identifying source and destination IP addresses
C. defining the limits of your authority related to a security event
D. determining that a security event has occurred
Answer:
Q6. Which option can be addressed when using retrospective security techniques?
A. if the affected host needs a software update
B. how the malware entered our network
C. why the malware is still in our network
D. if the affected system needs replacement
Answer: A
Q7. Which component of the NIST SP800-61 r2 incident handling strategy reviews data?
A. preparation
B. detection and analysis
C. containment, eradication, and recovery
D. post-incident analysis
Answer: B
Q8. Which type of analysis assigns values to scenarios to see what the outcome might be in each scenario?
A. deterministic
B. exploratory
C. probabilistic
D. descriptive
Answer: D
Q9. Which string matches the regular expression r(ege)+x?
A. rx
B. regeegex
C. r(ege)x
D. rege+x
Answer: A
Q10. DRAG DROP
Refer to the exhibit. Drag and drop the element name from the left onto the correct piece of the NetFlow v5 record from a security event on the right.
Answer: