getcertified4sure.com

212-89 Exam

Leading 212-89 Resource 2021




Act now and download your EC-Council 212-89 test today! Do not waste time on worthless EC-Council 212-89 tutorials. Download the updated EC-Council Certified Incident Handler (ECIH v2) exam with real questions and answers and begin to learn EC-Council 212-89 with a classic professional.

Online 212-89 free questions and answers of New Version:

NEW QUESTION 1
Incident handling and response steps help you to detect, identify, respond to and manage an incident. Which of the following steps focuses on limiting the scope and extent of an incident?

  • A. Eradication
  • B. Containment
  • C. Identification
  • D. Data collection

Answer: B

NEW QUESTION 2
Computer Forensics is the branch of forensic science in which legal evidence is found in any computer or any digital media device. Of the following, who is responsible for examining the evidence acquired and separating the useful evidence?

  • A. Evidence Supervisor
  • B. Evidence Documenter
  • C. Evidence Manager
  • D. Evidence Examiner/ Investigator

Answer: D

NEW QUESTION 3
Digital evidence plays a major role in prosecuting cyber criminals. John, a cyber-crime investigator, is asked to investigate a child pornography case. The personal computer of the criminal in question was confiscated by the county police. Which of the following evidence will lead John in his investigation?

  • A. SAM file
  • B. Web server log
  • C. Routing table list
  • D. Web browser history

Answer: D

NEW QUESTION 4
Which of the following is a risk assessment tool:

  • A. Nessus
  • B. Wireshark
  • C. CRAMM
  • D. Nmap

Answer: C

NEW QUESTION 5
Identify the malicious program that is masked as a genuine harmless program and gives the attacker unrestricted access to the user’s information and system. These programs may unleash dangerous programs that may erase the unsuspecting user’s disk and send the victim’s credit card numbers and passwords to a stranger.

  • A. Cookie tracker
  • B. Worm
  • C. Trojan
  • D. Virus

Answer: C

NEW QUESTION 6
Identify a standard national process which establishes a set of activities, general tasks and a management structure to certify and accredit systems that will maintain the information assurance (IA) and security posture of a system or site.

  • A. NIASAP
  • B. NIAAAP
  • C. NIPACP
  • D. NIACAP

Answer: D

NEW QUESTION 7
Which one of the following is the correct sequence of flow of the stages in an incident response:

  • A. Containment - Identification - Preparation - Recovery - Follow-up - Eradication
  • B. Preparation - Identification - Containment - Eradication - Recovery - Follow-up
  • C. Eradication - Containment - Identification - Preparation - Recovery - Follow-up
  • D. Identification - Preparation - Containment - Recovery - Follow-up - Eradication

Answer: B

NEW QUESTION 8
The person who offers his formal opinion as a testimony about a computer crime incident in the court of law is known as:

  • A. Expert Witness
  • B. Incident Analyzer
  • C. Incident Responder
  • D. Evidence Documenter

Answer: A

NEW QUESTION 9
Except for some common roles, the roles in an IRT are distinct for every organization. Which among the following is the role played by the Incident Coordinator of an IRT?

  • A. Links the appropriate technology to the incident to ensure that the foundation’s offices are returned to normal operations as quickly as possible
  • B. Links the groups that are affected by the incidents, such as legal, human resources, different business areas and management
  • C. Applies the appropriate technology and tries to eradicate and recover from the incident
  • D. Focuses on the incident and handles it from management and technical point of view

Answer: B

NEW QUESTION 10
What command does a Digital Forensic Examiner use to display the list of all open ports and the associated IP addresses on a victim computer to identify the established connections on it:

  • A. “arp” command
  • B. “netstat -an” command
  • C. “dd” command
  • D. “ifconfig” command

Answer: B

NEW QUESTION 11
Which is the incorrect statement about anti-keylogger scanners:

  • A. Detect already installed keyloggers in victim machines
  • B. Run in stealthy mode to record victims' online activity
  • C. Software tools

Answer: B

NEW QUESTION 12
Which of the following is NOT one of the techniques used to respond to insider threats:

  • A. Placing malicious users in a quarantine network, so that the attack cannot spread
  • B. Preventing malicious users from accessing unclassified information
  • C. Disabling the computer systems from network connection
  • D. Blocking malicious user accounts

Answer: B

NEW QUESTION 13
The service organization that provides 24x7 computer security incident response services to any user, company, government agency, or organization is known as:

  • A. Computer Security Incident Response Team (CSIRT)
  • B. Security Operations Center (SOC)
  • C. Digital Forensics Examiner
  • D. Vulnerability Assessor

Answer: A

NEW QUESTION 14
The state of incident response preparedness that enables an organization to maximize its potential to use digital evidence while minimizing the cost of an investigation is called:

  • A. Computer Forensics
  • B. Digital Forensic Analysis
  • C. Forensic Readiness
  • D. Digital Forensic Policy

Answer: C

NEW QUESTION 15
The individual who recovers, analyzes, and preserves computer and related materials to be presented as evidence in a court of law and identifies the evidence, estimates the potential impact of the malicious activity on the victim, and assesses the intent and identity of the perpetrator is called:

  • A. Digital Forensic Examiner
  • B. Computer Forensic Investigator
  • C. Computer Hacking Forensic Investigator
  • D. All the above

Answer: D

NEW QUESTION 16
A received message that demands urgent action and prompts the recipient to delete certain files or forward it to others is called:

  • A. An Adware
  • B. Mail bomb
  • C. A Virus Hoax
  • D. Spear Phishing

Answer: C

NEW QUESTION 17
Which of the following incidents are reported under the CAT-5 federal agency category?

  • A. Exercise/ Network Defense Testing
  • B. Malicious code
  • C. Scans/ probes/ Attempted Access
  • D. Denial of Service (DoS)

Answer: C

NEW QUESTION 18
The goal of incident response is to handle the incident in a way that minimizes damage and reduces recovery time and cost. Which of the following does NOT constitute a goal of incident response?

  • A. Dealing with human resources department and various employee conflict behaviors.
  • B. Using information gathered during incident handling to prepare for handling future incidents in a better way and to provide stronger protection for systems and data.
  • C. Helping personnel to recover quickly and efficiently from security incidents, minimizing loss or theft and disruption of services.
  • D. Dealing properly with legal issues that may arise during incidents.

Answer: A

NEW QUESTION 19
Any information of probative value that is either stored or transmitted in a digital form during a computer crime is called:

  • A. Digital evidence
  • B. Computer Emails
  • C. Digital investigation
  • D. Digital Forensic Examiner

Answer: A

NEW QUESTION 20
According to the Evidence Preservation policy, a forensic investigator should make at least ..................... image copies of the digital evidence.

  • A. One image copy
  • B. Two image copies
  • C. Three image copies
  • D. Four image copies

Answer: B

NEW QUESTION 21
The process of rebuilding and restoring the computer systems affected by an incident to normal operational stage including all the processes, policies and tools is known as:

  • A. Incident Management
  • B. Incident Response
  • C. Incident Recovery
  • D. Incident Handling

Answer: C

NEW QUESTION 22
The insider risk matrix consists of technical literacy and business process knowledge vectors. Considering the matrix, one can conclude that:

  • A. If the insider’s technical literacy is low and process knowledge is high, the risk posed by the threat will be insignificant.
  • B. If the insider’s technical literacy and process knowledge are high, the risk posed by the threat will be insignificant.
  • C. If the insider’s technical literacy is high and process knowledge is low, the risk posed by the threat will be high.
  • D. If the insider’s technical literacy and process knowledge are high, the risk posed by the threat will be high.

Answer: D

NEW QUESTION 23
......
