
CompTIA Cybersecurity Analyst (CySA+) - Module 3: Cyber Incident Response. Rated A

CompTIA Cybersecurity Analyst (CySA+) - Module 3: Cyber Incident Response

Which of the following describes a rudimentary threat that would be picked up by an anti-virus or IPS?
Known Threat / Unknown threat / Zero-day threat / Advanced Persistent Threat
-Answer- Known Threat

Which of the following describes a threat coming from a well-trained attacker such as another country?
Known Threat / Unknown threat / Zero-day threat / Advanced Persistent Threat
-Answer- Advanced Persistent Threat

Which of the following describes a threat unknown to the local IT department but otherwise currently known?
Known Threat / Unknown threat / Zero-day threat / Advanced Persistent Threat
-Answer- Unknown threat

Which of the following describes a threat with no known solution or fix?
Known Threat / Unknown threat / Zero-day threat / Advanced Persistent Threat
-Answer- Zero-day threat

When considering the severity of an incident and implementing various remedies to an incident, which of the following is the greatest limiter in implementing a security control?
Economic / Recovery Time / Scope / Data Integrity
-Answer- Economic

What type of data would include information such as addresses, full names and social security numbers?
PII / PHI / PCI / IP
-Answer- PII

What type of information would include card numbers, CVV and PIN?
PII / PHI / PCI / IP
-Answer- PCI

When protecting your payment card information, it should be noted that you will never have to distribute your PIN number.
True / False
-Answer- True

When determining the security of an incident, the associated downtime is measured by determining how long the system has been down thus far.
True / False
-Answer- False

Which of the following can be found in a forensics toolkit? Choose all that apply.
Write blocker / Read blocker / Cameras / Zip ties
-Answer- Write blocker & Cameras

Generally, what is considered to be the minimal acceptable RAM on an enterprise forensic workstation?
16GB / 32GB / 64GB / 128GB
-Answer- 32GB

A forensic workstation should not have access to the internet in order to prevent compromising the sensitive data on the system.
True / False
-Answer- True

Simply denying write permissions is adequate enough in ensuring a system is producing valid evidence.
True / False
-Answer- False

Why are devices such as write blockers and forensic workstations utilized while collecting evidence?
Efficient data retrieval / Due diligence / To maintain integrity of evidence / To guarantee enough evidence is collected
-Answer- To maintain integrity of evidence

Which of the following will best guarantee that evidence will be preserved on a machine?
Live acquisition / Shutting down the computer / Pulling the plug / Packet capture
-Answer- Pulling the plug (Never do this!)

Which of the following will best capture the most possible evidence but might result in changing data?
Live acquisition / Shutting down the computer / Pulling the plug / Packet capture
-Answer- Live acquisition

Which of the following may compromise volatile storage but not risk changing data?
Live acquisition / Shutting down the computer / Pulling the plug / Packet capture
-Answer- Shutting down the computer

When performing a forensic analysis of a compromised machine, it was discovered that the analyst was unable to plug the hard drive directly into the forensic workstation. This caused valuable time to be wasted. What device could most likely have solved this problem?
Proper cables / Wiped removable media / Write blockers / Drive adapters
-Answer- Drive adapters

When utilizing some form of removable media, it is important to make sure the media is completely clean to avoid compromising evidence.
True / False
-Answer- True

How many points of entry is ideal at the scene of an incident?
One / Two / Three / Four
-Answer- One

Utilizing a camera to take ongoing video of the scene of an incident is unreliable, as the holder may have shaky hands and extra audio can be distracting.
True / False
-Answer- False

When should chain of custody be established?
Before an incident / Some time after an incident / After all evidence is collected / Immediately after an incident
-Answer- Immediately after an incident

Which of the following hashing algorithms is commonly used to allow large amounts of data to be quickly hashed?
MDA / MD5 / SHA-1 / SHA-2
-Answer- MDA

Where should hashed passwords be stored on a Linux system to best prevent user access?
/shadow / /password / /SAM / /secure
-Answer- /shadow

Which of the following stakeholders is concerned about employee rights and employment laws?
HR / Legal / Marketing / Management
-Answer- HR

Which of the following stakeholders is concerned with local laws and industrial regulations?
HR / Legal / Marketing / Management
-Answer- Legal

Which of the following stakeholders is concerned with public relations and brand?
HR / Legal / Marketing / Management
-Answer- Marketing

Which of the following stakeholders is considered to have the final say in incident response?
HR / Legal / Marketing / Management
-Answer- Management

Corporate VOIP devices would be considered out-of-band communication and safe to use in case of an incident.
True / False
-Answer- False

Local law enforcement should be informed in case of a severe incident that involves a physical intrusion into a corporate premise.
True / False
-Answer- True

Which of the following symptoms could be an indicator that an attacker has installed malware on a legitimate system and is awaiting an external command?
Bandwidth consumption / Scan sweeps / Irregular Peer-to-peer communication / Beaconing
-Answer- Beaconing

Which of the following symptoms could indicate that a system is maliciously scanning a network?
Beaconing / Rogue access point installed / systematic communication over every port / Spikes in network traffic
-Answer- systematic communication over every port

Beaconing, while potentially malicious, could be confused for which of the following types of legitimate traffic?

Uploaded On

Sep 22, 2022

Number of pages

10

Written in

Seller


seller-icon
bundleHub Solution guider