Easily To Pass New 212-89 Verified & Correct Answers [Aug 18, 2023] [Q20-Q38]


QUESTION 20
Based on some statistics, what is the typical number one top incident?

 
 
 
 

QUESTION 21
Jason is an incident handler dealing with malware incidents. He was asked to perform a memory dump analysis in order to collect information about the basic functionality of any program. As a part of his assignment, he needs to perform string search analysis to search for the malicious string that could determine the harmful actions that a program can perform.
Which of the following string-searching tools does Jason need to use to perform the intended task?

 
 
 
 

QUESTION 22
A host is infected by worms that propagate through a vulnerable service; the sign(s) of the presence of the worm include:

 
 
 
 

QUESTION 23
John is performing a memory dump analysis in order to find traces of malware. He has employed the Volatility tool in order to achieve his objective.
Which of the following Volatility Framework commands will he use in order to analyze the running process from the memory dump?

 
 
 
 

QUESTION 24
Insider threats can be detected by observing concerning behaviors exhibited by insiders, such as conflicts with supervisors and coworkers, decline in performance, tardiness or unexplained absenteeism. Select the technique that helps in detecting insider threats:

 
 
 
 

QUESTION 25
One of the main objectives of incident management is to prevent incidents and attacks by tightening the physical security of the system or infrastructure. According to CERT’s incident management process, which stage focuses on implementing infrastructure improvements resulting from postmortem reviews or other process improvement mechanisms?

 
 
 
 

QUESTION 26
The incident management team provides support to all users in the organization that are affected by the threat or attack. The organization’s internal auditor is part of the incident response team. Identify one of the responsibilities of the internal auditor as part of the incident response team:

 
 
 
 

QUESTION 27
Who is mainly responsible for providing proper network services and handling network-related incidents in each cloud service model?

 
 
 
 

QUESTION 28
Which of the following is a term that describes the combination of strategies and services intended to restore data, applications, and other resources to the public cloud or dedicated service providers?

 
 
 
 

QUESTION 29
After a recent email attack, Harry is analyzing the incident to obtain important information. While investigating the incident, he is trying to extract information such as sender identity, mail server, sender’s IP address, location, etc.
Which of the following tools should Harry use to perform this task?

 
 
 
 

QUESTION 30
One of the goals of CSIRT is to manage security problems by taking a certain approach towards the customers’ security vulnerabilities and by responding effectively to potential information security incidents. Identify the incident response approach that focuses on developing the infrastructure and security processes before the occurrence or detection of an event or any incident:

 
 
 
 

QUESTION 31
In a qualitative risk analysis, risk is calculated in terms of:

 
 
 
 

QUESTION 32
A malware code that infects computer files, corrupts or deletes the data in them and requires a host file to propagate is called:

 
 
 
 

QUESTION 33
Which of the following is an inappropriate usage incident?

 
 
 
 

QUESTION 34
Otis is an incident handler working in an organization called Delmont. Recently, the organization faced several setbacks in business, whereby its revenues are decreasing. Otis was asked to take charge and look into the matter. While auditing the enterprise security, he found traces of an attack through which proprietary information was stolen from the enterprise network and passed on to their competitors.
Which of the following information security incidents did Delmont face?

 
 
 
 

QUESTION 35
A malicious, security-breaking program is disguised as a useful program. Such executable programs, which are installed when a file is opened, allow others to control a user’s system.
What is this type of program called?

 
 
 
 

QUESTION 36
Insiders understand corporate business functions. What is the correct sequence of activities performed by Insiders to damage company assets:

 
 
 
 

QUESTION 37
A self-replicating virus does not alter files but resides in active memory and duplicates itself. It takes advantage of file or information transport features on the system to travel independently.
What is this type of object called?

 
 
 
 

QUESTION 38
Which of the following is host-based evidence?

 
 
 
 
