
100 Cards in this Set


Lisa hid several plaintext documents within an image file. Which security goal is she pursuing?


A. Encryption


B. Integrity


C. Steganography


D. Confidentiality

*D. Confidentiality


You are the security administrator in your organization. You want to ensure that a file maintains integrity. Which of the following choices is the BEST choice to meet your goal?


A. Steganography


B. Encryption


C. Hash


D. AES

*C. Hash


An e-commerce web site does not currently have an account recovery process for customers who have forgotten their passwords. Which of the following choices are the BEST items to include if web site designers add this process? (SELECT TWO)


A. Create a web-based form that verifies customer identity using another method.


B. Set a temporary password that expires upon first use.


C. Implement biometric authentication.


D. Email the password to the user.

*A. Create a web-based form that verifies customer identity using another method.


B. Set a temporary password that expires upon first use.




Your organization is planning to implement stronger authentication for remote access users. An updated security policy mandates the use of token-based authentication with a password that changes every 30 seconds. Which of the following choices BEST meets this requirement?


A. CHAP


B. Smart Card


C. HOTP


D. TOTP

D. TOTP

Your organization issues laptops to mobile users. Administrators configured these laptops with full disk encryption, which requires users to enter a password when they first turn on the computer. After the operating system loads, users are required to log on with a username and password. Which of the following choices BEST describes this?


A. Single-factor authentication


B. Dual-factor authentication


C. Multifactor authentication


D. SAML

A. Single-factor authentication

Users at your organization currently use a combination of smart cards and passwords, but an updated security policy requires multifactor security using three different factors. Which of the following can you add to meet the new requirement?


A. Four-digit PIN


B. Hardware tokens


C. Fingerprint readers


D. USB tokens

C. Fingerprint readers

A network includes a ticket-granting server used for authentication. What authentication service does this network use?


A. TACACS+


B. SAML


C. LDAP


D. Kerberos

*D. Kerberos

You are modifying a configuration file used to authenticate Unix accounts against an external server. The file includes phrases such as DC=Server1 and DC=Com. Which authentication service is the external server using?


A. Diameter


B. RADIUS


C. LDAP


D. SAML

*C. LDAP

Which of the following choices is an AAA protocol that uses shared secrets as a method of security?


A. Kerberos


B. SAML


C. RADIUS


D. MD5

B. SAML

Your organization wants to reduce the amount of money it is losing due to thefts. Which of the following is the BEST example of an equipment theft deterrent?


A. Remote wiping


B. Cable locks


C. Strong passwords


D. Disk encryption

B. Cable locks

A manager recently observed an unauthorized person in a secure area, which is protected with a cipher lock door access system. After investigation, he discovered that an authorized employee gave this person the cipher lock code. Which of the following is the BEST response to this issue at the minimum cost?


A. Implement a physical security control


B. Install tailgates


C. Provide security awareness training


D. Place a guard at the entrance

C. Provide security awareness training

Management recently rewrote the organization's security policy to strengthen passwords created by users. It now states that passwords should support special characters. Which of the following choices is the BEST setting to help the organization achieve this goal?


A. History


B. Maximum age


C. Minimum length


D. Complexity

D. Complexity

You have discovered that some users have been using the same passwords for months, even though the password policy requires users to change their password every 30 days. You want to ensure that users cannot reuse the same password. Which settings should you configure? (SELECT TWO)


A. Maximum password age


B. Password length


C. Password History


D. Password complexity


E. Minimum password age

*C. Password History


E. Minimum password age

A company recently hired you as a security administrator. You notice that some former accounts used by temporary employees are currently enabled. Which of the following choices is the BEST response?


A. Disable all the temporary accounts


B. Disable the temporary accounts you've noticed are enabled


C. Craft a script to identify inactive accounts based on the last time they logged on


D. Set account expiration dates for all accounts when creating them

*C. Craft a script to identify inactive accounts based on the last time they logged on

An organization supports remote access, allowing users to work from home. However, management wants to ensure that personnel cannot log on to work systems from home during weekends and holidays. Which of the following BEST supports this goal?


A. Least privilege


B. Need to know


C. Time-of-day restrictions


D. Mandatory access controls

C. Time-of-day restrictions

You configure access control for users in your organization. Some departments have a high employee turnover, so you want to simplify account administration. Which of the following is the BEST choice?


A. User-assigned privileges


B. Group-based privileges


C. Domain-assigned privileges


D. Network-assigned privileges

B. Group-based privileges

You are configuring a file server used to share files and folders among employees within your organization. However, employees should not be able to access all folders on this server. Which of the following choices is the BEST method to manage security for these folders?


A. Assign permissions to each user as needed


B. Wait for users to request permission, then assign appropriate permissions


C. Delegate authority to assign these permissions


D. User security groups with appropriate permissions

D. User security groups with appropriate permissions

The Retirement Castle uses groups for ease of administration and management. They recently hired Jasper as their new accountant. Jasper needs access to all the files and folders used by the Accounting department. What should the administrator do to give Jasper appropriate access?


A. Create an account for Jasper and add the account to the Accounting group


B. Give Jasper the password for the Guest account


C. Create an account for Jasper and use rule-based access control for Accounting


D. Create an account for Jasper and add the account to the Administrators group

A. Create an account for Jasper and add the account to the Accounting group

Your organization recently updated its security policy and indicated that Telnet should not be used within the network. Which of the following should be used instead of Telnet?


A. SCP


B. SFTP


C. SSL


D. SSH

*D. SSH

One of your web servers was recently attacked and you have been tasked with reviewing firewall logs to see if you can determine how an attacker accessed the system remotely. You identified the following port numbers in log entries: 21, 22, 25, 53, 80, 110, 443 and 3389. Which of the following protocols did the attacker most likely use?


A. Telnet


B. HTTPS


C. DNS


D. RDP

D. RDP

Which of the following provides the largest address space?


A. IPv4


B. IPv5


C. IPv6


D. IPv7

C. IPv6

While analyzing a firewall log, you notice traffic going out of your network on UDP port 53. What does this indicate?


A. Connection with a botnet


B. DNS traffic


C. SMTP traffic


D. SFTP traffic

B. DNS traffic

A team of users in your organization needs a dedicated subnet. For security reasons, other users should not be able to connect to this subnet. Which of the following choices is the BEST solution?


A. Restrict traffic based on port numbers


B. Restrict traffic based on physical address


C. Implement DNS on the network


D. Enable SNMP

*B. Restrict traffic based on physical address

An organization recently updated its security policy. A new requirement dictates a need to increase protection from rogue devices plugging into physical ports. Which of the following choices provides the BEST protection?


A. Disable unused ports


B. Implement 802.1x


C. Enable MAC limiting


D. Enable MAC filtering

*B. Implement 802.1x

What would administrators typically place at the end of an ACL firewall?


A. Allow all all


B. Timestamp


C. Password


D. Implicit deny

D. Implicit deny

Your organization wants to protect its web server from cross-site scripting attacks. Which of the following choices provides the BEST protection?


A. WAF


B. Network-based firewall


C. Host-based firewall


D. IDS

*A. WAF

Management recently learned that several employees are using the company network to visit gambling and gaming sites. They want to implement a security control to prevent this in the future. Which of the following choices would meet this need?


A. WAF


B. UTM


C. DMZ


D. NIDS

B. UTM


Which of the following protocols operates on Layer 7 of the OSI model?


A. IPv6


B. TCP


C. ARP


D. SCP

*D. SCP

Which of the following BEST describes a false negative?


A. An IDS falsely indicates a buffer overflow attack occurred.


B. Antivirus software reports that a valid application is malware.


C. A locked door opens after a power failure.


D. An IDS does not detect a buffer overflow attack.

D. An IDS does not detect a buffer overflow attack.

Company management suspects an employee is stealing critical project information and selling it to a competitor. They'd like to identify who is doing this, without compromising any live data. What is the BEST option to meet this goal?


A. Install antivirus software on all user systems.


B. Implement an IPS.


C. Implement an IDS.


D. Add fabricated project data on a honeypot.

D. Add fabricated project data on a honeypot.

Attackers frequently attack your organization, and administrators want to learn more about zero-day attacks on the network. What can they use?


A. Anomaly-based HIDS


B. Signature-based HIDS


C. Honeypot


D. Signature-based NIDS

*C. Honeypot

Security personnel recently noticed a successful exploit against an application used by many employees at their company. They notified the company that sold them the software and asked for a patch. However, they discovered that a patch wasn't available. What BEST describes this scenario?


A. Zero-day


B. Buffer overflow


C. LSO


D. SQL injection

A. Zero-day

What type of encryption is used with WPA2 CCMP?


A. AES


B. TKIP


C. RC4


D. SSL

*A. AES

Administrators in your organization are planning to implement a wireless network. Management has mandated that they use a RADIUS server and implement a secure wireless authentication method. Which of the following should they use?


A. LEAP


B. WPA-PSK


C. WPA2-PSK


D. AES

*A. LEAP

Which of the following wireless security mechanisms is subject to a spoofing attack?


A. WEP


B. IV


C. WPA2 Enterprise


D. MAC address filtering

*D. MAC address filtering

Which of the following is the BEST description of why disabling SSID broadcast is not an effective security measure against attackers?


A. The network name is contained in wireless packets in plaintext.


B. The passphrase is contained in wireless packets in plaintext.


C. The SSID is included in MAC filters.


D. The SSID is not used with WPA2.

*A. The network name is contained in wireless packets in plaintext.

You are reviewing logs from a wireless survey within your organization's network due to a suspected attack and you notice the following entries:


MAC ENCRYP Power


12:AB:34:CD:56:EF WPA2 47


12:AB:34:CD:56:EF WPA2 62


56:CD:34:EF:12:AB WPA2 20


12:AB:34:CD:56:EF WPA2 57


12:AB:34:CD:56:EF WPA2 49


Of the following choices, what is the MOST likely explanation of these entries?


A. An evil twin is in place.


B. Power of the AP needs to be adjusted.


C. A rogue AP is in place.


D. The AP is being pharmed.

A. An evil twin is in place.

Mobile users in your network report that they frequently lose connectivity with the wireless network on some days, but on other days they don't have any problems. Which of the following types of attacks could cause this?


A. IV


B. Wireless jamming


C. Replay


D. WPA cracking

B. Wireless jamming

Management within your organization wants some users to be able to access internal network resources from remote locations. Which of the following is the BEST choice to meet this need?


A. WAF


B. VPN


C. IDS


D. IPS

B. VPN

You suspect that an executable file on a web server is malicious and includes a zero-day exploit. Which of the following steps can you take to verify your suspicions?


A. Perform a code review.


B. Perform an architecture review.


C. Perform a design review.


D. Perform an operating system baseline comparison.

D. Perform an operating system baseline comparison.

Lisa has scanned all the user computers in the organization as part of a security audit. She is creating an inventory of these systems, including a list of applications running on each computer and the application versions. What is she MOST likely trying to identify?


A. System Architecture


B. Application baseline


C. Code vulnerabilities


D. Attack surface

*B. Application baseline

An updated security policy identifies authorized applications for company-issued mobile devices. Which of the following would prevent users from installing other applications on these devices?


A. Geo-tagging


B. Authentication


C. ACLs


D. Whitelisting

D. Whitelisting

A company is implementing a feature that allows multiple servers to operate on a single physical server. What is this?


A. Virtualization


B. IaaS


C. Cloud computing


D. DLP

A. Virtualization

A software vendor recently developed a patch for one of its applications. Before releasing the patch to customers, the vendor needs to test it in different environments. Which of the following solutions provides the BEST method to test the patch in different environments?


A. Baseline image


B. BYOD


C. Virtualized sandbox


D. Change management

C. Virtualized sandbox

Your company has recently standardized servers using imaging technologies. However, a recent security audit verified that some servers were immune to known OS vulnerabilities, whereas other systems were not immune to the same vulnerabilities. Which of the following would reduce these vulnerabilities?


A. Patch management


B. Sandboxing


C. Snapshots


D. Baselines

A. Patch management

Someone stole an executive's smartphone, and the phone includes sensitive data. What should you do to prevent the thief from reading the data?


A. Password-protect the phone


B. Encrypt the data on the phone.


C. Use remote wipe.


D. Track the location of the phone.

C. Use remote wipe.

Your organization has issued mobile devices to several key personnel. These devices store sensitive information. What can administrators implement to prevent data loss from these devices if they are stolen?


A. Inventory Control


B. GPS Tracking


C. Full device encryption


D. Geo-tagging

C. Full device encryption

Homer wants to ensure that other people cannot view data on his mobile device if he leaves it unattended. What should he implement?


A. Encryption


B. Cable lock


C. Screen lock


D. Remote wiping

C. Screen lock

Management wants to implement a system that will provide automatic notification when personnel remove devices from the building. Which of the following security controls will meet this requirement?


A. Video monitoring


B. RFID


C. Geo-tagging


D. Account lockout

B. RFID

Your organization was recently attacked, resulting in a data breach, and attackers captured customer data. Management wants to take steps to better protect customer data. Which of the following will BEST support this goal?


A. Succession planning and data recovery procedures


B. Fault tolerance and redundancy


C. Stronger access controls and encryption


D. Hashing and digital signatures

C. Stronger access controls and encryption

A business owner is preparing to decommission a server that has processed sensitive data. He plans to remove the hard drives and send them to a company that destroys them. However, he wants to be certain that personnel at that company cannot access data on the drives. Which of the following is the BEST option to meet this goal?


A. Encrypt the drives using full disk encryption.


B. Capture an image of the drives.


C. Identify data retention policies.


D. Use file-level encryption to protect data.

A. Encrypt the drives using full disk encryption.

Your organization is considering the purchase of new computers. A security professional stresses that these devices should include TPMs. What benefit does a TPM provide? (Select all that apply)


A. It uses hardware encryption, which is quicker than software encryption.


B. It uses software encryption, which is quicker than hardware encryption.


C. It includes an HSM file system.


D. It stores RSA keys.

A. It uses hardware encryption, which is quicker than software encryption.


D. It stores RSA keys.

What functions does an HSM include?


A. Reduces the risk of employees emailing confidential information outside the organization.


B. Provides webmail to clients


C. Provides full drive encryption.


D. Generates and stores keys used with servers.

*D. Generates and stores keys used with servers.

Homer installed code designed to enable his account automatically, three days after someone disables it. What did Homer create?


A. Backdoor


B. Rootkit


C. Armored virus


D. Ransomware

*A. Backdoor


Your local library is planning to purchase new computers that patrons can use for Internet research. Which of the following are the BEST choices to protect these computers? (Select TWO)


A. Mantrap


B. Anti-malware software


C. Cable locks


D. Pop-up blockers


E. Disk encryption

B. Anti-malware software


C. Cable locks

Your organization has been receiving a significant amount of spam with links to malicious web sites. You want to stop the spam. Of the following choices, what provides the BEST solution?


A. Add the domain to a block list


B. Use a URL filter


C. Use a MAC filter


D. Add antivirus software

*A. Add the domain to a block list

Attackers have launched an attack using multiple systems against a single target. What type of attack is this?


A. DoS


B. DDoS


C. SYN flood


D. Buffer overflow

B. DDoS

Security administrators are reviewing security controls and their usefulness. Which of the following attacks will account lockout controls prevent? (Select TWO)


A. DNS poisoning


B. Replay


C. Brute force


D. Buffer overflow


E. Dictionary

C. Brute force


*E. Dictionary

A web developer wants to reduce the chances of an attacker successfully launching XSRF attacks against a web site application. Which of the following provides the BEST protection?


A. Client-side input validation


B. Web proxy


C. Antivirus software


D. Server-side input validation

*D. Server-side input validation

A web developer is adding input validation techniques to a web site application. Which of the following should the developer implement during this process?


A. Perform the validation on the server side.


B. Perform the validation on the client side.


C. Prevent boundary checks.


D. Encrypt data with TLS.

*A. Perform the validation on the server side.

An attacker is attempting to write more data into a web application's memory than it can handle. What type of attack is this?


A. XSRF


B. LDAP injection


C. Fuzzing


D. Buffer overflow

*D. Buffer overflow

During a penetration test, a tester injected extra input into an application causing the application to crash. What does this describe?


A. SQL injection


B. Fuzzing


C. Transitive access


D. XSRF

*B. Fuzzing

A security expert is attempting to identify the number of failures a web server has in a year. Which of the following is the expert MOST likely identifying?


A. SLE


B. MTTR


C. ALE


D. MTTF

*C. ALE

You are trying to add additional security controls for a database server that includes customer records and need to justify the cost of $1,000 for these controls. The database includes 2,500 records. Estimates indicate a cost of $300 for each record if an attacker successfully gains access to them. Research indicates that there is a 10% possibility of a data breach in the next year. What is the ALE?


A. $300


B. $37,500


C. $75,000


D. $750,000

C. $75,000

A penetration tester is tasked with gaining information on one of your internal servers and he enters the following command: telnet server1 80. What is the purpose of this command?


A. Identify if server1 is running a service using port 80 and is reachable.


B. Launch an attack on server1 sending 80 separate packets in a short period of time.


C. Use Telnet to remotely administer server1.


D. Use Telnet to start an RDP session.

A. Identify if server1 is running a service using port 80 and is reachable.

A recent vulnerability assessment identified several issues related to an organization's security posture. Which of the following issues is MOST likely to affect the organization on a day-to-day basis?


A. Natural disasters


B. Lack of antivirus software


C. Lack of protection for data at rest


D. Lack of protection for data in transit

B. Lack of antivirus software

Which of the following tools would a security administrator use to identify misconfigured systems within a network?


A. Pen test


B. Virus scan


C. Load test


D. Vulnerability scan

*D. Vulnerability scan

A security expert is running tests to identify the security posture of a network. However, these tests are not exploiting any weaknesses. Which of the following types of test is the security expert performing?


A. Penetration test


B. Virus scan


C. Port scan


D. Vulnerability scan

D. Vulnerability scan

Which of the following tools is the LEAST invasive and can verify if security controls are in place?


A. Pentest


B. Protocol analyzer


C. Vulnerability scan


D. Host enumeration

*C. Vulnerability scan

Your organization develops web application software, which it sells to other companies for commercial use. To ensure the software is secure, your organization uses a peer assessment to help identify potential security issues related to the software. Which of the following is the BEST term for this process?


A. Code review


B. Change management


C. Routine audit


D. Rights and permissions review

A. Code review

Your organization plans to deploy new systems within the network within the next six months. What should your organization implement to ensure these systems are developed properly?


A. Code review


B. Design review


C. Baseline review


D. Attack surface review

B. Design review

You need to periodically check the configuration of a server and identify any changes. What are you performing?


A. Code review


B. Design review


C. Attack surface review


D. Baseline review

D. Baseline review

Your organization hired an external security expert to test a web application. The security expert is not given any access to the application interfaces, code, or data. What type of test will the security expert perform?


A. Black hat


B. White box


C. Gray box


D. Black box

D. Black box

A security administrator needs to inspect protocol headers of traffic sent across the network. What tool is the BEST choice for this task?


A. Web security gateway


B. Protocol analyzer


C. Honeypot


D. Vulnerability assessment

B. Protocol analyzer

You are troubleshooting issues between two servers on your network and need to analyze the network traffic. Of the following choices, what is the BEST tool to capture and analyze this traffic?


A. Switch


B. Protocol analyzer


C. Firewall


D. NIDS

*B. Protocol analyzer

Which of the following is the lowest-cost solution for fault tolerance?


A. Load balancing


B. Clustering


C. RAID


D. Cold site

C. RAID

You need to modify the network infrastructure to increase availability of web-based applications for Internet clients. Which of the following choices provides the BEST solution?


A. Load balancing


B. Proxy server


C. UTM


D. Content inspection

A. Load balancing

A security analyst is creating a document that includes the expected monetary loss from a major outage. She is calculating the potential lost sales, fines, and impact on the organization's customers. Which of the following documents is she most likely creating?


A. BCP


B. BIA


C. DRP


D. RPO

B. BIA

Your organization is updating its business continuity documents. You're asked to review the communications plans for possible updates. Which of the following should you ensure is included in the communications plan?


A. A list of systems to recover in hierarchical order


B. Incident response procedures


C. List of critical systems and components


D. Methods used to respond to media requests, including templates

*D. Methods used to respond to media requests, including templates

What type of encryption does the RADIUS protocol use?


A. Symmetric


B. Asymmetric


C. MD5


D. SHA

*A. Symmetric

Your organization is planning to implement videoconferencing, but it wants to protect the confidentiality of the streaming video. Which of the following would BEST meet this need?


A. PBKDF2


B. DES


C. MD5


D. RC4

*D. RC4

An organization is implementing a PKI and plans on using public and private keys. Which of the following can be used to create strong key pairs?


A. MD5


B. RSA


C. AES


D. HMAC

*B. RSA

Your organization is investigating possible methods of sharing encryption keys over a public network. Which of the following is the BEST choice?


A. CRL


B. PBKDF2


C. Hashing


D. ECDHE

*D. ECDHE

A user wants to hide confidential data within a .jpg file. Which of the following is the BEST choice to meet this need?


A. ECC


B. Steganography


C. CRL


D. File-level encryption

B. Steganography

You need to ensure data sent over an IP-based network remains confidential. Which of the following provides the BEST solution?


A. Stream ciphers


B. Block ciphers


C. Transport encryption


D. Hashing

C. Transport encryption

Personnel within your company are assisting an external auditor perform a security audit. They frequently send documents to the auditor via email and some of these documents contain confidential information. Management wants to implement a solution to reduce the possibility of unintentionally exposing this data. Which of the following is the BEST choice?


A. Hash all outbound email containing confidential information.


B. Use digital signatures on all outbound email containing confidential information.


C. Encrypt all outbound email containing confidential information.


D. Implement DLP to scan all outbound email.

*C. Encrypt all outbound email containing confidential information.

Which two protocols provide strong security for the Internet with the use of certificates? (Select TWO)


A. SSH


B. SSL


C. SCP


D. TLS


E. SFTP

B. SSL


*D. TLS

Lenny and Carl work in an organization that includes a PKI. Carl needs to send a digitally signed file to Lenny. What does Carl use in this process?


A. Carl's public key


B. Carl's private key


C. Lenny's public key


D. Lenny's private key

*B. Carl's private key

Bart recently sent out confidential data via email to potential competitors. Management suspects that he did so accidentally, but Bart denied sending the data. Management wants to implement a method that would prevent Bart from denying accountability in the future. What are they trying to enforce?


A. Confidentiality


B. Encryption


C. Access control


D. Non-repudiation

D. Non-repudiation

An organization is planning to implement an internal PKI for smart cards. Which of the following should the organization do FIRST?


A. Install a CA


B. Generate key pairs.


C. Generate a certificate


D. Identify a recovery agent

*A. Install a CA

Which of the following is a valid reason to use a wildcard certificate?


A. Reduce the administrative burden of managing certificates.


B. Support multiple private keys.


C. Support multiple public keys.


D. Increase the lifetime of the certificate.

*A. Reduce the administrative burden of managing certificates.

Homer works as a contractor at a company on a one-year renewing contract. After renewing his contract, the company issues him a new smart card. However, he is now having problems digitally signing email or opening encrypted email. What is the MOST likely solution?


A. Copy the original certificate to the new smart card


B. Copy his original private key to the new smart card


C. Copy his original public key to the new smart card


D. Publish the certificate in his new smart card

D. Publish the certificate in his new smart card

You need to request a certificate for a web server. Which of the following would you MOST likely use?


A. CA


B. CRL


C. CSR


D. OCSP

*C. CSR

An organization is implementing a data policy and wants to designate a recovery agent. Which of the following indicates what a recovery agent can do?


A. A recovery agent can retrieve a user's public key


B. A recovery agent can decrypt data if users lose their private key


C. B. A recovery agent can dencrypt data if users lose their private key


D. A recovery agent can restore a system from backups

*B. A recovery agent can decrypt data if users lose their private key

An organizational policy specifies that duties of application developers and administrators must be separated. What is the MOST likely result of implementing this policy?


A. One group develops program code and the other group deploys the code


B. One group develops program code and the other group modifies the code


C. One group deploys program code and the other group administers databases


D. One group develops databases and the other group modifies databases

A. One group develops program code and the other group deploys the code

Application developers in your organization currently update applications on live production servers when needed. However, they do not follow any predefined procedures before applying the updates. What should the organization implement to prevent any risk associated with this process?


A. Risk assessment


B. Tabletop exercises


C. Change management


D. Incident management

C. Change management

Which of the following is a type of media that allows the mass distribution of personal comments to specific groups of people?


A. P2P


B. Social media


C. Media services


D. News media

B. Social media

Your organization wants to prevent damage from malware. Which stage of the common incident response procedures is the BEST stage to address this?


A. Preparation


B. Identification


C. Mitigation


D. Lessons learned

*A. Preparation

You are reviewing incident response procedures related to the order of volatility. Which of the following is the LEAST volatile?


A. Hard disk drive


B. Memory


C. RAID-6 cache


D. CPU cache

A. Hard disk drive

Security personnel confiscated a user's workstation after a security incident. Administrators removed the hard drive for forensic analysis, but left it unattended for several hours before capturing an image. What could prevent the company from taking the employee to court over this incident?


A. Witnesses were not identified


B. A chain of custody was not maintained


C. An order of volatility was not maintained


D. A hard drive analysis was not complete

B. A chain of custody was not maintained