FedVTE Cyber Security Investigations 30 Questions with Verified Answers,100% CORRECT

1. Which of the following can be determined by capturing and analyzing network traffic?
   A. Intent of Insider Threat actors and logs of their activity
   B. Communication and connections between hosts
   C. Open files and Registry handles on individual hosts
   D. Firewall and Intrusion Detection rules for the gateway
   CORRECT ANSWER: B. Communication and connections between hosts

2. Which of the following is a method to detect an incident?
   A. IDS alarm
   B. Log analysis
   C. 3rd Party Information
   D. Public or attacker announcement
   E. All of the above
   F. None of the above
   CORRECT ANSWER: E. All of the above

3. Which of the following describes hash analysis?
   A. Validating file integrity by matching before and after hash values
   B. Organizing data sets into key and hash value pairs
   C. Matching file hash values against a set of known hash values
   D. Identifying file types by analyzing individual hash values
   CORRECT ANSWER: C. Matching file hash values against a set of known hash values

4. Which of the following is NOT a goal of triage?
   A. Quickly identify indicators of compromise
   B. Identify vectors used to compromise the systems
   C. Determine normal and abnormal network behavior
   D. Determine which systems require in-depth analysis
   CORRECT ANSWER: C. Determine normal and abnormal network behavior

5. What is the order of the stages of attacker methodology?
   A. Footprinting, Vulnerability Exploitation, Foothold, Damage
   B. Footprinting, Foothold, Vulnerability Exploitation, Damage
   C. Footprinting, Vulnerability Exploitation, Damage, Foothold
   D. Vulnerability Exploitation, Footprinting, Foothold, Damage
   CORRECT ANSWER: A. Footprinting, Vulnerability Exploitation, Foothold, Damage

6. Why is analysis of file signatures and file extensions helpful to investigators?
   A. They can identify what the file type is and what the OS will try to open it with
   B. They can determine if the file was corrupted during transfer
   C. They can indicate obfuscation by showing when signatures and extensions do not match
   D. They can show if the file was executed by a user or if it was a drive-by download
   CORRECT ANSWER: C. They can indicate obfuscation by showing when signatures and extensions do not match

7. Subjective data has no purpose in Incident Response considerations.
   A. True
   B. False
   CORRECT ANSWER: B. False

8. What is the purpose of a write-block device?
   A. To deny a system from communicating on a network
   B. To prevent changes to a piece of digital evidence
   C. To prevent malware from being written to a hard drive
   D. To queue system writes to prevent congestion when writing to the drive
   CORRECT ANSWER: B. To prevent changes to a piece of digital evidence

9. Why is it important to check At/Scheduled Tasks, Startup folders, Registry HKCU/HKLM, DLL replacements and Web browser extensions?
   A. These are areas where insider threat actors typically hide evidence of their activity
   B. These are areas to check for malware persistence
   C. These areas can be overwritten by newer records, especially on new systems with a high level of events generated
   D. These areas are often compressed and encrypted to bypass security sensors
   CORRECT ANSWER: B. These are areas to check for malware persistence

10. A forensic image is:
   A. A picture taken of the physical components of a compromised system
   B. The documentation surrounding a piece of evidence
   C. A zipped container of all forensic evidence regarding a specific incident
   D. An identical copy of a piece of digital evidence
   CORRECT ANSWER: D. An identical copy of a piece of digital evidence

11. RAM is volatile data and is collected while the system is still running, as it will be lost when power is removed.
   A. True
   B. False
   CORRECT ANSWER: A. True

12. Installing patches, disabling services, removing accounts, and re-imaging systems are example methods of:
   A. Collection
   B. Containment
   C. Detection
   D. Eradication
   E. All of the above
   F. None of the above
   CORRECT ANSWER: D. Eradication

13. Which of the following best describes the difference between physical and logical images?
   A. Physical images are obtained using physical imaging devices and logical images use software to create an image
   B. Physical images are bit-for-bit duplicates of an entire device and logical images only collect information readable by the filesystem
   C. Physical images can only be collected on site and logical images can only be collected using remote imaging techniques
   D. Physical and logical images both collect all information on the media device, but only logical images can collect files in memory
   CORRECT ANSWER: B. Physical images are bit-for-bit duplicates of an entire device and logical images only collect information readable by the filesystem

14. Once an intruder has identified targets to attack and the vulnerabilities to exploit, they will begin their attack. Which phase of the attacker methodology does this fall under?
   A. Breach
   B. Enumeration
   C. Exploitation
   D. Extortion
   E. Footprinting
   CORRECT ANSWER: C. Exploitation

15. What stage of the Digital Forensics Life Cycle does the following describe? Training of personnel, enabling monitoring capabilities, and configuring tools to meet needs.
   A. Acquisition/Development
   B. Operations/Maintenance
   C. Disposal/Transition
   D. Implementation/Assessment
   CORRECT ANSWER: D. Implementation/Assessment

16. What are MAC timestamps?
   A. The dates and times a MAC address was configured on a NIC
   B. Times that determine when packets passed through a router or switch
   C. Metadata timestamps on files that are valuable but should be carefully evaluated
   D. A Macintosh file system method of recording activity
   CORRECT ANSWER: C. Metadata timestamps on files that are valuable but should be carefully evaluated

17. An on-site forensics team is always more cost effective for organizations than hiring an off-site team.
   A. True
   B. False
   CORRECT ANSWER: B. False

18. What is Netflow?
   A. It is a protocol used to map a computer network address to a hardware address
   B. It is a program that locally collects information about Windows computers
   C. It is a protocol that allows the user to view all traffic on a SPAN port
   D. It is a protocol developed by Cisco to track and examine traffic volume
   CORRECT ANSWER: D. It is a protocol developed by Cisco to track and examine traffic volume

19. The primary reason for forensically preparing media is:
   A. To ensure there is adequate space to run tools and equipment
   B. To ensure that there is no residual data from previous use
   C. To ensure media is able to copy and share data
   D. To ensure that media is compatible with the system
   CORRECT ANSWER: B. To ensure that there is no residual data from previous use

20. Which of the following would return subjective data?
   A. Was the team adequately prepared and trained?
   B. How many systems were affected?
   C. What indicators were identified or missed?
   D. What was the timeline of the incident response and forensic analysis?
   CORRECT ANSWER: A. Was the team adequately prepared and trained?

21. Which of the following can cause a compromise in evidentiary value?
   A. Breaks in chain of custody
   B. Evidence that has been changed
   C. Evidence collected without proper techniques
   D. Failure to comply with the law during evidence collection
   E. All of the above
   F. None of the above
   CORRECT ANSWER: E. All of the above

22. What makes the Eradication phase of Incident Response difficult?
   A. All compromised systems must be cleaned because a single missed system can re-allow access
   B. Stopping an intrusion in progress introduces new risks and potential vulnerabilities to the network
   C. Eradicating the intrusion must wait until all legal action is completed
   D. During eradication every system must be removed from the network and re-built from scratch
   CORRECT ANSWER: A. All compromised systems must be cleaned because a single missed system can re-allow access

23. Locard's Principle speculates that:
   A. Every piece of evidence must pass the verifiability, repeatability, and traceability test
   B. Every system connected to another must be identifiable
   C. Every 'contact' between two people or systems will leave a trace
   D. Every 'contact' between two people or systems will be logged
   CORRECT ANSWER: C. Every 'contact' between two people or systems will leave a trace

24. RAM may contain which of the following types of information?
   A. Open files
   B. Network connections
   C. Running processes
   D. Logged on users
   E. All of the above
   F. None of the above
   CORRECT ANSWER: E. All of the above

25. What is a "Hive"?
   A. An area the Macintosh file system uses to maintain the relationships between files and directories on a volume
   B. A key part of the Linux file system that contains UIDs, GIDs, modification, access, creation times, and file locations
   C. A collection of discrete files that contains a registry tree and root key
   D. A subnet that contains honeypots
   CORRECT ANSWER: C. A collection of discrete files that contains a registry tree and root key

26. With incident response, the activity of assigning levels of urgency to individual devices under examination, followed by processing the devices in the identified order, is known as:
   A. Favoring
   B. Scaling
   C. Triage
   D. Vetting
   CORRECT ANSWER: C. Triage

27. When responding to an incident, which type of data should be collected first?
   A. Archived logs
   B. Flash media
   C. Interviews
   D. Volatile data
   CORRECT ANSWER: D. Volatile data

28. Which of the following refers to the documentation of and actions on evidence that is going to be used as part of an investigation?
   A. Evidentiary consideration
   B. Chain of custody
   C. Traceability of custody
   D. Evidentiary verifiability
   CORRECT ANSWER: B. Chain of custody

29. Hash values can be calculated for any file or data set, including full hard drives.
   A. True
   B. False
   CORRECT ANSWER: A. True

30. Which of the following best describes data carving?
   A. Data carving is the process of segmenting data by device in order to prevent evidence corruption
   B. Data carving is the process of searching through a drive for file signatures to identify remnants of files
   C. Data carving is the process of rendering a file unreadable to unauthorized persons or devices
   D. Data carving is the process of copying a file while ensuring that the original file is unchanged during the copy process for submission in a court of law
   CORRECT ANSWER: B. Data carving is the process of searching through a drive for file signatures to identify remnants of files

Document information

Uploaded on: Oct 10, 2023
Number of pages: 12
Seller: Nolan19