When performing an investigation, a security analyst needs to extract information from text files in a Windows operating system. Which of the following commands should the security analyst use?
A. findstr
B. grep
C. awk
D. sigverif
Which asset would be the MOST desirable for a financially motivated attacker to obtain from a health insurance company?
A. Transaction logs
B. Intellectual property
C. PII/PHI
D. Network architecture
During which of the following attack phases might a request sent to port 1433 over a whole company network be seen within a log?
A. Reconnaissance
B. Scanning
C. Gaining access
D. Persistence
Which of the following, when exposed together, constitutes PII? (Choose two.)
A. Full name
B. Birth date
C. Account balance
D. Marital status
E. Employment status
Various logs are collected for a data leakage case to make a forensic analysis. Which of the following are MOST important for log integrity? (Choose two.)
A. Hash value
B. Time stamp
C. Log type
D. Modified date/time
E. Log path
Organizations considered "covered entities" are required to adhere to which compliance requirement?
A. Health Insurance Portability and Accountability Act of 1996 (HIPAA)
B. Payment Card Industry Data Security Standard (PCI DSS)
C. Sarbanes-Oxley Act (SOX)
D. International Organization for Standardization (ISO) 27001
Which of the following enables security personnel to have the BEST security incident recovery practices?
A. Crisis communication plan
B. Disaster recovery plan
C. Occupant emergency plan
D. Incident response plan
An incident handler is assigned to initiate an incident response for a complex network that has been affected by malware. Which of the following actions should be taken FIRST?
A. Make an incident response plan.
B. Prepare incident response tools.
C. Isolate devices from the network.
D. Capture network traffic for analysis.
A company help desk is flooded with calls regarding systems experiencing slow performance and certain Internet sites taking a long time to load or not loading at all. The security operations center (SOC) analysts who receive these calls take the following actions:
-Running antivirus scans on the affected user machines
-
Checking department membership of affected users
-
Checking the host-based intrusion prevention system (HIPS) console for affected user machine alerts
-
Checking network monitoring tools for anomalous activities
Which of the following phases of the incident response process match the actions taken?
A. Identification
B. Preparation
C. Recovery
D. Containment
While planning a vulnerability assessment on a computer network, which of the following is essential? (Choose two.)
A. Identifying exposures
B. Identifying critical assets
C. Establishing scope
D. Running scanning tools
E. Installing antivirus software