Q1. Which kind of evidence can be considered most reliable to arrive at an analytical assertion?
A. direct
B. corroborative
C. indirect
D. circumstantial
E. textual
Answer: A
Q2. In Microsoft Windows, as files are deleted, the space they were allocated is eventually considered available for use by other files. This creates alternating used and unused areas of various sizes. What is this called?
A. network file storing
B. free space fragmentation
C. alternate data streaming
D. defragmentation
Answer: A
Q3. Which option can be addressed when using retrospective security techniques?
A. if the affected host needs a software update
B. how the malware entered our network
C. why the malware is still in our network
D. if the affected system needs replacement
Answer: A
Q4. Refer to the exhibit. You notice that the email volume history has been abnormally high. Which potential result is true?
A. Email sent from your domain might be filtered by the recipient.
B. Messages sent to your domain may be queued up until traffic dies down.
C. Several hosts in your network may be compromised.
D. Packets may be dropped due to network congestion.
Answer: C
Q5. Which goal of data normalization is true?
A. Reduce data redundancy.
B. Increase data redundancy.
C. Reduce data availability.
D. Increase data availability.
Answer: C
Q6. In the context of incident handling phases, which two activities fall under scoping? (Choose two.)
A. determining the number of attackers that are associated with a security incident
B. ascertaining the number and types of vulnerabilities on your network
C. identifying the extent to which a security incident is impacting protected resources on the network
D. determining what and how much data may have been affected
E. identifying the attackers that are associated with a security incident
Answer: D,E
Q7. Which data type is protected under the PCI compliance framework?
A. credit card type
B. primary account number
C. health conditions
D. provision of individual care
Answer: C
Q8. Which regular expression matches "color" and "colour"?
A. col[0-9]+our
B. colo?ur
C. colou?r
D. ]a-z]{7}
Answer: C
Q9. Which identifies both the source and destination location?
A. IP address
B. URL
C. ports
D. MAC address
Answer: C
Q10. A user on your network receives an email in their mailbox that contains a malicious attachment. There is no indication that the file was run. Which category as defined in the Diamond Model of Intrusion does this activity fall under?
A. reconnaissance
B. weaponization
C. delivery
D. installation
Answer: A