Title of test: ECIHv2
Description: ECIH v2
Creation Date: 11/01/2025
Category: Computers
Number of questions: 102
Content:
Alice is an incident handler and she has been informed by her lead that the data on affected systems must bebacked up so that it can be retrieved if it is damaged during incident response process. She was also told that the system backup can also be used for further investigation of the incident.
In which of the following stages of the incident handling and response (IH&R) process Alice has to take the complete backup of the infected system? Incident recording Eradication Incident triage Containment . Which of the following methods help incident responders to reduce the false-positive alert rates and further provide benefits of focusing on topmost priority issues reducing potential risk and corporate liabilities? Threat profiling Threat correlation Threat contextualization Threat attribution . QualTech Solutions is a leading security services enterprise. Dickson works as an incident responder with this firm. He is performing vulnerability assessment to identify the security problems in the network, using automated tools to identify the hosts, services, and vulnerabilities present in the enterprise network. Based on the above scenario, identify the type of vulnerability assessment performed by Dickson. External assessment Passive assessment Active assessment Internal assessment . Which of the following Is NOT a countermeasure to eradicate inappropriate usage incidents? Install firewall and IDS/IPS to block services that violate the organization's policy Avoid VPN and other secure network channels Register the user activity logs and keep monitoring them regularly Always store the sensitive data in far located servers and restrict its access . Shally, an incident handler, is working for a company named Texas Pvt. Ltd. based in Florida. She was asked to work on an incident response plan. As part of the plan, she decided to enhance and improve the security infrastructure of the enterprise. She has incorporated a security strategy that allows security professionals to use several protection layers throughout their information system. Due to multiple layer protection, this security strategy assists in preventing direct attacks against the organization's information system as a break in one layer only leads the attacker to the next layer. 
Identify the security strategy Shally has incorporated in the incident response plan. Covert channels Defense-in-depth Three-way handshake Exponential backoff algorithm . Which of the following GPG18 and Forensic readiness planning (SPF) principles states that “organizations should adopt a scenario based Forensic Readiness Planning approach that learns from experience gained within the business”? Principle 2 Principle 3 Principle 5 Principle 7. Adam is an attacker who along with his team launched multiple attacks on target organization for financial benefits. Worried about getting caught, he decided to forge his identity. To do so, he created a new identity by obtaining Information from different victims. Identify the type of identity theft Adam has performed. Tax identity theft Social identity theft Medical identity theft Synthetic identity theft . Multiple component incidents consist of a combination of two or more attacks in a system. Which of the following is NOT a multiple component incident? An attacker using email with malicious code to infect internal work station An attacker redirecting user to a malicious website and infects his system with Trojan An insider intentionally deleting files from a workstation An attacker infecting a machine to launch a DDoS attack . Bonney’s system has been compromised by a gruesome malware. What is the primary step that is advisable to Bonney in order to contain the malware incident from spreading? Complaint to police in a formal way regarding the incident Call the legal department in the organization and inform about the incident Turn off the infected machine Leave it to the network administrators to handle . In which of the following stages of incident handling and response (IH&R) process do the incident handlers try to find out the root cause of the incident along with the threat actors behind the incidents, threat vectors, etc.? 
Evidence gathering and forensics analysis Incident triage Incident recording and assignment Post-incident activities . Elizabeth working for OBC organization as an incident responder is assessing the risks lingering on the organizational security. During the assessment process, she is calculating the probability of a threat source exploiting an existing system vulnerability. Identify the risk assessment step Elizabeth is currently in. Vulnerability identification Impact analysis Likelihood analysis System characterization . Robert is an incident handler working for Xsecurity Inc. One day, his organization faced a massive cyberattack and all the websites related to the organization went offline. Robert was on duty during the incident and he was responsible to handle the incident and maintain business continuity. He immediately restored the web application service with the help of the existing backups. According to the scenario, which of the following stages of incident handling and response (IH&R) process does Robert performed? Notification Eradication Recovery Evidence gathering and forensics analysis . Which of the following is not the responsibility of first responders? Protecting the crime scene Packaging and transporting the electronic evidence Identifying the crime scene Preserving temporary and fragile evidence and then shut down or reboot the victim's computer . Which of the following is a standard framework that provides recommendations for implementing information security controls for organizations that initiate, implement, or maintain information security management systems (ISMSs)? ISOMEC 27035 ISO/IEC 27002 RFC 2196 PCI DSS . Eve's is an incident handler in ABC organization. One day, she got a complaint about email hacking incident from one of the employees of the organization. As a part of incident handling and response process, she must follow many recovery steps In order to recover from Incident impact to maintain business continuity. 
What is the first step that she must do to secure employee account? Enable scanning of links and attachments in all the emails Disabling automatic file sharing between the systems Enable two-factor authentication Restore the email services and change the password . Which of the following processes is referred to as an approach to respond to the security Incidents that occurred in an organization and enables the response team by ensuring that they know exactly what process to follow in case of security incidents? Threat assessment Risk assessment Incident response orchestration Vulnerability management . Which of the following information security personnel handles incidents from management and technical point of view? Threat researchers Incident manager (IM) Forensic investigators Network administrators . Dan is a newly appointed information security personnel in a renowned organization. He is supposed to follow many security strategies to eradicate malware incidents. Which of the following is not considered as a good practice for maintaining information security and eradicating malware incidents? Do not click on web browser Pop-up windows Do not open files with file extensions such as -bat, .com, .exe, .pif,.vbs, and so on Do not download or execute applications from third-party sources Do not download or execute applications from trusted sources. James has been appointed as an incident handling and response (IH&R) team lead and he was assigned to build an IH&R plan along with his own team in the company. Identify the IH&R process step James is currently working on. Eradication Preparation Recovery Notification . Identify Sarbanes-Oxley Act (SOX) Title, which consists of only one section, that includes measures designed to help restore investor confidence in the reporting of securities analysts. 
Title V: Analyst Conflicts of Interest Title VII: Studies and Reports Title VIII: Corporate and Criminal Fraud Accountability Title IX: White-Collar-Crime Penalty Enhancement . Alexis is working as an incident responder in XYZ organization. She was asked to identify and attribute the actors behind an attack that took place recently. In order to do so, she is performing threat attribution that deals with the identification of the specific person, society, or a country sponsoring a well-planned and executed intrusion or attack over its target. Which of the following types of threat attributions Alexis performed? True attribution Nation-state attribution Intrusion-set attribution Campaign attribution . Which one of the following is the correct flow of the stages in an incident handling and response (IH&R) process? Preparation-->incident recording-->Incident triage-->Containment-->Eradication-->Recovery-- >Postincident activities Incident triage-->Eradication->Containment.->Incident recording-->Preparation-->Recovery-- >Postincident activities Incident recording-->Preparation-->Containment-->incident triage-->Recovery-->Eradication-- >Postincident activities Containment-->Incident recording-->Incident triage-->Preparation-->Recovery-->Eradication-- >Postincident activities . Otis is an incident handler working in Delmont organization. Recently, the organization is facing several setbacks in the business and thereby its revenues are going down. Otis was asked to take the charge and look into the matter. While auditing the enterprise security, he found the traces of an attack, where the proprietary information was stolen from the enterprise network and was passed onto the competitors. Which of the following information security incidents Delmont organization faced? Unauthorized access Email-based abuse Network and resource abuses Espionage . Jacob is an employee in Dolphin Investment firm. 
While he was on his duty, he identified that his computer is facing some problem and he wanted to convey the issue to the respective authority in his organization. But currently this organization does not have any ticketing system to address such type of issues. In the above scenario, which of the following ticketing systems can be employed by the Dolphin Investment firm to allow Jacob to raise the issue in order to tell the respective team about the incident? ThreatConnect ManageEngine ServiceDesk Plus MISP IBM XForce Exchange . Which of the following terms refers to the personnel that the incident handling and response (IH&R) team must contact to report the incident and obtain the necessary permissions? Criminal referral Civil litigation Ticketing Point of contact . XYZ Inc. was affected by a malware attack and James, being the incident handling and response (IH&R) team personnel handling the incident, found out that the root cause of the Incident is a backdoor that has bypassed the security perimeter due to an existing vulnerability In the deployed firewall. James had contained the spread of the infection and removed the malware completely. Now the organization asked him to perform incident impact assessment to identify the impact of the incident over the organization and he was also asked to prepare a detailed report of the incident. Which of the following stages in IH&R process is James working on? Post-incident activities Evidence gathering and forensics analysis Eradication Notification. Bob, an incident responder at CyberTech Solutions, is investigating a cybercrime attack occurred in the client company. He acquired the evidence data, preserved it, and started performing analysis on acquired evidentiary data to identify the source of the crime and the culprit behind the incident. Identify the forensic investigation phase in which Bob is currently in. Vulnerability assessment phase Post-investigation phase Investigation phase Pre-investigation phase . 
During the vulnerability assessment phase, the incident responders perform various steps as below: 1. Run vulnerability scans using tools 2. Identify and prioritize vulnerabilities 3. Examine and evaluate physical security 4. Perform OSINT information gathering to validate the vulnerabilities 5. Apply business and technology context to scanner results 6. Check for misconfigurations and human errors 7. Create a vulnerability scan report Identify the correct sequence of vulnerability assessment steps performed by the incident responders. 4 1 2 3 6 5 7 1 3 2 4 5 6 7 3 6 1 2 5 4 7 2 1 4 7 5 6 3 . Mike is an incident handler for PNP Infosystems Inc. One day, there was a ticket raised regarding a critical incident and Mike was assigned to handle the incident. During the process of incident handling, at one stage, he performed incident analysis and validation to check whether the incident is a genuine incident or a false positive. Identify the stage he is currently in. Post-incident activities Incident recording and assignment Incident disclosure Incident triage . Andrew, an incident responder, is performing risk assessment of the client organization. As a part of risk assessment process, he identified the boundaries of the IT systems, along with the resources and the information that constitute the systems. Identify the risk assessment step Andrew is performing. System characterization Likelihood determination Control recommendations Control analysis . Ross is an incident manager (IM) and his team provides support to all users in the organization that are affected by the threat or attack. David, who is the organizational internal auditor, is also part of the Ross’s incident response team. Among the following duties, identify one of the responsibilities of David. 
Configure information security controls Coordinate incident containment activities with the information security officer (ISO) Perform necessary action required to block the network traffic from the suspected intruder Identify and report security loopholes to the management for necessary actions . Joseph is an incident handling and response (IH&R) team lead In Toro Network Solutions Company. As a part of IH&R process, Joseph alerted the service providers, developers, and manufacturers about the affected resources. Identify the stage of IH&R process Joseph is currently in. Containment Eradication Recovery Incident triage. Which stage of the incident response and handling process involves auditing the system and network log files? Incident eradication Containment Incident disclosure Incident triage . Which of the following risk mitigation strategies Involves execution of controls to reduce the risk factor and brings it to an acceptable level or accepts the potential risk and continues operating the IT system? Risk assumption Risk planning Risk transference Risk avoidance . In which of the following phases of incident handling and response (IH&R) process the identified security incidents are analyzed, validated, categorized, and prioritized? Notification Containment Incident triage Incident recording and assignment . Which of the following details are included in the evidence bags? Sensitive directories, personal, and organizational email address Error messages that contain sensitive information and files containing passwords Software version information and web application source code Date and time of seizure, exhibit number, and name of incident responder . Which of the following techniques prevent or mislead incident-handling process and may also affect the collection, preservation, and identification phases of the forensic investigation process? Scanning Footprinting Enumeration Anti-forensics . 
Which of the following terms refers to an organization's ability to make optimal use of digital evidence in a limited period of time and with minimal investigation costs? Data analysis Forensic readiness Threat assessment Risk assessment . Farheen is an incident responder at reputed IT Firm based in Florida. Farheen was asked to investigate a recent cybercrime faced by the organization. As part of this process, she collected static data from a victim system. She used DD tool command to perform forensic duplication to obtain an NTFS image of the original disk. She created a sector-by-sector mirror imaging of the disk and saved the output image file as image.dd. Identify the static data collection process step performed by Farheen while collecting static data. Administrative consideration Physical presentation Comparison System preservation . An attacker after performing an attack decided to wipe evidences using artifact wiping techniques to evade forensic investigation. He applied magnetic field to the digital media device, resulting in an entirely clean device of any previously stored data. Identify the artifact wiping technique used by the attacker. Syscall proxying File wiping utilities Disk cleaning utilities Disk degaussing/destruction . Marley was asked by his incident handling and response (IH&R) team lead to collect volatile data such as system information and network information present in the registries, cache, and RAM of victim's system. Identify the data acquisition method Marley must employ to collect volatile data. Remote data acquisition Live data acquisition Validate data acquisition Static data acquisition . Which of the following digital evidence temporarily stored on a digital device that requires a constant power supply and is deleted if the power supply is interrupted? Process memory Swap file Event logs Slack space . The following steps describe the key activities in forensic readiness planning: 1. 
Train the staff to handle the incident and preserve the evidence 2. Create a special process for documenting the procedure 3. Identify the potential evidence required for an incident 4. Determine the source of the evidence 5. Establish a legal advisory board to guide the investigation process 6. Identify if the incident requires full or formal investigation 7. Establish a policy for securely handling and storing the collected evidence 8. Define a policy that determines the pathway to legally extract electronic evidence with minimal disruption Identify the correct sequence of steps involved in forensic readiness planning. 3 1 4 5 8 2 6 7 1 2 3 4 5 6 7 8 3 4 8 7 6 1 2 5 2 3 1 4 6 5 7 8 . Stanley works as an incident responder at a top MNC based out of Singapore. He was asked to investigate a cybersecurity incident that recently occurred in the company. While investigating the crime, he collected the evidence from the victim systems. He must present this evidence in a clear and comprehensible manner to the members of jury so that the evidence explains the facts clearly and further helps in obtaining an expert opinion on the same to confirm the investigation process. In the above scenario, what is the characteristic of the digital evidence Stanley tried to preserve? Authentic Admissible Complete Believable. John is performing memory dump analysis in order to find out the traces of malware. He has employed volatility tool in order to achieve his objective. Which of the following volatility framework commands he will use in order to analyze running process from the memory dump? python vol.py hivelist --profile=Win2008SP1x86 -f /root/Desktop/memdump.mem python vol.py pslist --profile=Win2008SP 1x86 -f /root/Desktop/memdump.mem python vol.py svcscan --profile=win2008SP1 x86 -f /root/Desktop/memdump.mem | more python vol.py imageinfo -f /root/Desktop/memdump.mem . Rinni is an incident handler and she is performing memory dump analysis. 
Which of following tools she can use in order to perform memory dump analysis? iNetsim Procmon and ProcessExplorer Scylla and OllyDumpEx OllyDbg and IDA Pro . Clark is investigating a cybercrime at TechSoft Solutions. While investigating the case, he needs to collect volatile Information such as running services, their process IDs, startmode, state, and status. Which of the following commands will help Clark to collect such information from running services? wmic netstat -ab net file Openfiles . Bonney’s system has been compromised by a gruesome malware. What is the primary step that Is advisable to Bonney in order to contain the malware incident from spreading? Complaint to police in a formal way regarding the incident Call the legal department in the organization and inform about the incident Turn off the infected machine Leave it to the network administrators to handle . Which of the following tools helps incident handlers to view the file system, retrieve deleted data, perform timeline analysis, web artifacts, etc., during an incident response process? Autopsy Process Explorer nbtstat netstat . Identify the malicious program that is masked as a genuine harmless program and gives the attacker unrestricted access to the user’s information and system. These programs may unleash dangerous programs that may erase the unsuspecting user's disk and send the victim's credit card numbers and passwords to a stranger. Virus Adware Trojan Worm . Dan is a newly appointed information security personnel in a renowned organization. He is supposed to follow many security strategies to eradicate malware incidents. Which of the following is NOT considered as a good practice for maintaining information security and eradicating malware incidents? 
Do not click on web browser pop-up windows Do not open files with file extensions such as .bat, .com, .exe, .pif, .vbs, and so on Do not download or execute applications from third-party sources Do not download or execute applications from trusted sources . Jason is an incident handler dealing with malware incidents. He was asked to perform memory dump analysis in order to collect the information about the basic functionality of any program. As a part of his assignment, he needs to perform string search analysis to search for the malicious string that could determine harmful actions that a program can perform. Which of the following string-searching tools Jason needs to use to do the intended task? Dependency Walker Process Explorer PEView BinText . Smith employs various malware detection techniques to thoroughly examine the network and its systems for suspicious and malicious malware files. Among all techniques, which one involves analyzing the memory dumps or binary codes for the traces of malware? Live system Dynamic analysis Intrusion analysis Static analysis . Sam, an employee from a multinational company, sends e-mails to third-party organizations with a spoofed email address of his organization. How can you categorize this type of incident? Unauthorized access incident Network intrusion incident Inappropriate usage incident Denial-of-service incident . An incident handler is analyzing email headers to find out suspicious emails. Which of the following tools he/she must use in order to accomplish the task? SPAMfighter Gophish Barracuda Email Security Gateway Mxtoolbox. Francis is an incident handler and security expert. He works at MorisonTech Solutions based in Sydney. He was assigned a task to detect phishing/spam mails for the client organization. Which of the following tools can assist Francis to perform the required task? Netcraft Cain and Abel BTCrack Nessus. Racheal is an incident handler working in InceptionTech organization. 
Recently, numerous employees are complaining about receiving emails from unknown senders. In order to prevent employees against spoofing emails and keeping security in mind, Racheal was asked to take appropriate actions in this matter. As a part of her assignment, she needs to analyze the email headers to check the authenticity of received emails. Which of the following protocol/authentication standards she must check in email header to analyze the email authenticity? POP ARP DKIM SNMP . After a recent email attack, Harry is analyzing the incident to obtain important Information related to the incident. While investigating the incident, he is trying to extract information such as sender identity, mail server, sender's IP address, location, and so on. Which of the following tools Harry must use to perform this task? Logly Yesware Clamwin Sharp . Which of the following email security tools can be used by an incident handler to prevent the organization against evolving email threats? MxToolbox Gpg4win Email Header Analyzer Suite Toolbox . Stenley is an incident handler working for Texa Corp. located in the United States. With the growing concern of increasing emails from outside the organization, Stenley was asked to take appropriate actions to keep the security of the organization intact. In the process of detecting and containing malicious emails, Stenley was asked to check the validity of the emails received by employees. Identify the tools he can use to accomplish the given task. EventLog Analyzer PoliteMail Email Dossier PointofMail. In which of the following confidentiality attacks attackers try to lure users by posing themselves as authorized AP by beaconing the WLAN's SSID? Honeypot AP Evil twin AP Masquerading Session hijacking . Eric works as an incident handler in Erinol software systems. He was assigned a task to protect the organization from any kind of DoS/DDoS attacks. Which of the following tools can be used by Eric to achieve his objective? 
IDA Incapsula Hydra Wireshark . Bran is an incident handler who is assessing the network of the organization. In the process, he wants to detect ping sweep attempts on the network using Wireshark tool. Which of the following Wireshark filter he must use to accomplish this task? icmp.redir_gw icmp.ident icmp.seq icmp.type==8 . John, a professional hacker, is attacking an organization, where he is trying to destroy the connectivity between an AP and client to make the target unavailable to other wireless devices. which of the following attacks is John performing in this case? EAP failure Disassociation attack Routing attack Denial-of-service . Rose is an incident-handling person and she is responsible for detecting and eliminating any kind of scanning attempts over the network by any malicious threat actors. Rose uses Wireshark tool to sniff the network and detect any malicious activities going on. Which of the following Wireshark filters can be used by her to detect TCP Xmas scan attempt by the attacker? tcp.dstport==7 tcp.flags==0X000 tcp.flags.reset==1 tcp.flags==0X029 . Which of the following port scanning techniques involves resetting the TCP connection between client and server abruptly before completion of the three-way handshake signals, making the connection half-open? Null scan Full connect scan Xmas scan Stealth scan . In which of the following confidentiality attacks attackers try to lure users by posing themselves as authorized AP by beaconing the WLAN‘s SSID? Honeypot AP Evil twin AP Masquerading Session hijacking . Which of the following techniques helps incident handlers to detect man-in-the-middle attack by finding the new APs and trying to connect an already established channel, even if the spoofed AP consists similar IP and MAC addresses as of the original AP? General wireless traffic monitoring Network traffic monitoring Wireless client monitoring Access point monitoring . 
A US Federal Agency network was the target of a DoS attack that prevented and impaired the normal authorized functionality of the networks. According to agency's reporting timeframe guidelines, this incident should be reported within 2 h of discovery/detection If the successful attack is still ongoing and the agency is unable to successfully mitigate the activity. Which incident category of US Federal Agency does this incident belong to? CAT 1 CAT2 CAT 5 CAT6 . Dash wants to perform DoS attack over 256 target URLs simultaneously. Which of the following tools can Dash employ to achieve his objective? OpenVAS Ollydbg IDAPro HOIC . Customers of an organization are experiencing either slower network communication or unavailability of services. Also, the network administrators received alerts from security tools such as IDS/IPS and firewalls about possible DoS/DDoS attack. The organization requested the incident handling and response (IH&R) team to further investigate on the incident. The IH&R team decided to use manual techniques to detect DoS/DDoS attack. Which of the following commands helps the IH&R team to manually detect DoS/DDoS attack? netstat -an nbtstat /c netstat -r nbtstat /S . Eric who is an incident responder is working on developing incident-handling plans and procedures. As part of this process, he is performing analysis on the organizational network to generate a report and to develop policies based on the acquired results. Which of the following tools will help him in analyzing network and its related traffic? Faceniff Burp Suite Wireshark Whois . Chandler is a professional hacker who is targeting Technote organization. He wants to obtain Important organizational information that is being transmitted between different hierarchies. 
In the process, he is sniffing the data packets transmitted through the network and then analyzing them to gather packet details such as network, ports, protocols, devices, issues in network transmission, and other network specifications. Which of the following tools Chandler must employ to perform packet analysis? BeEf shARP Omnipeek IDAPro. Drake is an incident handler in Dark CLoud Inc. He is intended to perform log analysis in order to detect traces of malicious activities within the network infrastructure. Which of the following tools Drake must employ in order to view logs in real time and identify malware propagation within the network? HULK Splunk Hydra LOIC . James is working as an incident responder at CyberSol Inc. The Management instructed James to investigate a cybersecurity incident that recently happened in the company. As a part of the investigation process, James started collecting volatile information from a system running on Windows operating system. Which of the following commands helps James in determining all the executable files for running processes? top date /U& time doskey/history netstat -ab . Darwin is an attacker residing within the organization and is performing network sniffing by running his system In promiscuous mode. He is capturing and viewing all the network packets transmitted within the organization. Edwin is an incident handler in the same organization. In the above situation, which of the following Nmap commands Edwin must use to detect Darwin's system that is running in promiscuous mode? nmap --script=sniffer-detect [Target IP Address/Range of IP addresses] nmap -sV -T4 -O -F -version-light nmap --script hostmap nmap -sU -p 500 . Zaimasoft, a prominent IT organization, was attacked by perpetrators, who purely targeted the hardware and caused Irreversible damage to the hardware where replacing or reinstalling the hardware was the only solution. Identify the type of denial-of-service attack performed on Zaimasoft. 
DDoS PDoS DRDoS DoS. Identify the network security incident where Intended or authorized users are prevented from using system, network, or applications by flooding the network with a high volume of traffic that consumes all existing network resources. SQL injection XSS attack URL manipulation Denial-of-service . Which of the following encoding techniques replaces unusual ASCII characters with “%" followed by the character's two-digit ASCII code expressed in hexadecimal? Base64 encoding Unicode encoding URL encoding HTML encoding . Clark, a professional hacker, exploited the web application of a target organization by tampering the form and parameter values. He successfully exploited the web application and gained access to the information assets of the organization. Identify the vulnerability in the web application exploited by the attacker. Broken access control Sensitive data exposure SQL injection Security misconfiguration . In which of the following types of fuzz testing strategies the new data will be generated from scratch and the amount of data to be generated are predefined based on the testing model? Log-based fuzz testing Protocol-based fuzz testing Mutation-based fuzz testing Generation-based fuzz testing . Johnson an incident handler is working on a recent web application attack faced by the organization. As part of this process, he performed data preprocessing in order to analyzing and detecting the watering hole attack. He preprocessed the outbound network traffic data collected from firewalls and proxy servers and started analyzing the user activities within a certain time period to create time-ordered domain sequences to perform further analysis on sequential patterns. Identify the data-preprocessing step performed by Johnson. Host name normalization Identifying unpopular domains User-specific sessionization Filtering invalid host names . An organization implemented an encoding technique to eradicate SQL injection attacks. 
In this technique, if a user submits a request containing a single quote and some values, the encoding technique converts it into numeric digits and letters ranging from a to f. This prevents the user request from performing a SQL injection attempt on the web application. Identify the encoding technique used by the organization.
a) Hex encoding
b) Base64 encoding
c) Unicode encoding
d) URL encoding

Mr. Smith is the lead incident responder of a small financial enterprise with a few branches in Australia. Recently, the company suffered a massive attack, losing USD 5 million through an inter-banking system. An in-depth investigation of the case found that the incident occurred because, 6 months earlier, the attackers had penetrated the network through a minor vulnerability and maintained access without any user being aware of it. The attacker then tried to delete the users' fingerprints and performed lateral movement to the computer of a person with privileges in the inter-banking system. Finally, the attacker gained access and made fraudulent transactions. Based on the above scenario, identify the most accurate kind of attack.
a) Denial-of-service attack
b) Phishing
c) Ransomware attack
d) APT attack

An attacker traced out the kind of websites a target company/individual frequently surfs and tested those particular websites to identify any possible vulnerabilities. When the attacker detected vulnerabilities in a website, the attacker started injecting malicious script/code into the web application that can redirect the webpage and download malware onto the victim's machine. After infecting the vulnerable web application, the attacker waited for the victim to access it. Identify the type of attack performed by the attacker.
a) Watering hole
b) Cookie/Session poisoning
c) Obfuscation application
d) Directory traversal

Tibson works as an incident responder for an MNC based in Singapore.
He is investigating a web application security incident recently faced by the company. The attack was performed on a MS SQL Server hosted by the company. In the detection and analysis phase, he used regular expressions to analyze and detect the SQL meta-characters that led to the SQL injection attack. Identify the regular expression used by Tibson to detect a SQL injection attack on MS SQL Server.
a) ((\.|%2E)(\.|%2E)(\/|%2F|\\|%5C))
b) /exec(\s|\+)+(s|x)p\w+/ix
c) ((\%3C)|<)((\%2F)|\/)*(script)((\%3E)|>)
d) ((\.\.\\)|(\.\.\/))

John is a professional hacker who is performing an attack on the target organization in which he tries to redirect the mapping between an Internet address and its target server, such that when users type in the Internet address they are redirected to a rogue website that resembles the original one. He performs this attack using a cache poisoning technique. Identify the type of attack John is performing on the target organization.
a) War driving
b) Pharming
c) Pretexting
d) Skimming

Michael is an incident handler at CyberTech Solutions. He is performing detection and analysis of a cloud security incident. He is analyzing the file systems, slack space, and metadata of the storage units to find hidden malware and evidence of malice. Identify the cloud security incident handled by Michael.
a) Application-related incident
b) Network-related incident
c) Storage-related incident
d) Server-related incident

James, a professional hacker, set out to exploit the cloud services employed by an organization. To achieve this, he created anonymous access to the cloud services to carry out attacks such as password and key cracking, hosting malicious data, and DDoS attacks. Which of the following threats is he posing to the cloud platform?
a) Data breach/loss
b) Insecure interfaces and APIs
c) Abuse and nefarious use of cloud services
d) Insufficient due diligence

Alice is a disgruntled employee of an organization.
She decided to acquire critical information of the organization for financial benefit. To achieve this, she started running a virtual machine on the same physical host as the victim's virtual machine and took advantage of shared physical resources (the processor cache) to steal data (cryptographic keys/plaintext secrets) from the victim machine. Identify the type of attack Alice is performing in the above scenario.
a) Man-in-the-cloud attack
b) SQL injection attack
c) Side channel attack
d) Service hijacking

Which of the following is NOT a countermeasure to eradicate cloud security incidents?
a) Disable security options such as two-factor authentication and CAPTCHA
b) Remove the malware files and traces from the affected components
c) Patch the database vulnerabilities and improve the isolation mechanism
d) Check for data protection at both design and runtime

An organization named Sam Morison Inc. decided to use cloud-based services to reduce the cost of maintenance. The organization identified various risks and threats associated with cloud service adoption and with migrating business-critical data to third-party systems. Hence, the organization decided to deploy cloud-based security tools to prevent upcoming threats. Which of the following tools helps the organization secure its cloud resources and services?
a) Alert Logic
b) Burp Suite
c) Nmap
d) Wireshark

Which of the following tools helps incident responders effectively contain a potential cloud security incident and gather the required forensic evidence?
a) Qualys Cloud Platform
b) CloudPassage Quarantine
c) Alert Logic
d) CloudPassage Halo

Who is mainly responsible for providing proper network services and handling network-related incidents in all the cloud service models?
a) Cloud consumer
b) Cloud brokers
c) Cloud service provider
d) Cloud auditor

When analyzing a system, the browser data can be used to access various credentials. Which of the following tools is used to analyze the history data files of the Microsoft Edge browser?
a) MZHistoryView
b) MZCacheView
c) BrowsingHistoryView
d) ChromeHistoryView

Which of the following is NOT a best practice to eliminate the possibility of insider attacks?
a) Prevent users from installing unauthorized software or accessing malicious websites using the corporate network
b) Always leave business details over voicemail or email broadcast messages
c) Monitor employee behavior and the computer systems used by employees
d) Implement secure backup and disaster recovery processes for business continuity

Patrick is conducting a cyber forensic investigation. He is in the process of collecting physical evidence at the crime scene. Which of the following elements must he consider while collecting physical evidence?
a) DNS information including domain and subdomains
b) Published name servers and web application source code
c) Open ports, services, and operating system (OS) vulnerabilities
d) Removable media, cables, and publications

Alex is an incident handler for Tech-o-Tech Inc. and intends to identify any possible insider threats in his organization. Which of the following insider threat detection techniques can he use to detect insider threats based on the behavior of a suspicious employee, both individually and in a group?
a) Physical detection
b) Behavioral analysis
c) Profiling
d) Mole detection

Ikeo Corp. has hired an incident response team to assess the enterprise security. As part of the incident handling and response process, the IR team is reviewing the present security policies implemented by the enterprise. The IR team finds that employees of the organization do NOT have any restrictions on Internet access, which means that they are allowed to visit any site, download any application, and access a computer or a network from a remote location. Considering this a main security threat, the IR team plans to change this policy, as it can be easily exploited by attackers. Identify the security policy that the IR team is planning to modify.
a) Promiscuous policy
b) Paranoid policy
c) Permissive policy
d) Prudent policy

Adam is an incident handler who intends to use the DBCC LOG command to analyze a database and retrieve the active transaction log for the specified database. The syntax of the DBCC LOG command is DBCC LOG(<database name>, <output>), where the output parameter specifies the level of information an incident handler wants to retrieve. If Adam wants to retrieve full information on each operation along with a hex dump of the current transaction log row, which of the following output parameters should Adam use?
a) 1
b) 2
c) 3
d) 4

Eric works as a system administrator in the ABC organization. He granted privileged users unlimited permissions to access the systems. These privileged users can misuse their rights unintentionally or maliciously, or attackers can trick them into performing malicious activities. Which of the following guidelines helps incident handlers eradicate insider attacks by privileged users?
a) Do not enable the default administrative accounts, to ensure accountability
b) Do not control the access of administrators and privileged users
c) Do not use encryption methods to prevent administrators and privileged users from accessing backup tapes and sensitive information
d) Do not allow administrators to use unique accounts during the installation process

In which of the following types of insider threats is the insider uneducated about potential security threats, or simply bypasses general security procedures to meet workplace efficiency?
a) Compromised insider
b) Malicious insider
c) Negligent insider
d) Professional insider
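Worked example for the URL encoding, hex encoding and SQL meta-character regex questions above. This is added illustration code, not material from the ECIHv2 test bank or from EC-Council: it URL-encodes and hex-encodes a value the way those two questions describe, and runs signatures modelled on the three regex families in the Tibson question (MS SQL execution of sp_/xp_ procedures, <script> tags, directory traversal) over constructed request lines. The request lines, signature names and function names are assumptions made for the example.

```python
import re
from urllib.parse import quote, unquote_plus

# Detection signatures in the style of the quiz's regular expressions: MS SQL
# stored-procedure execution, <script> tags and directory traversal, compiled
# case-insensitively (the /i flag in the page's notation). Names are assumed.
SIGNATURES = {
    "mssql-exec-procedure": re.compile(r"exec(\s|\+)+(s|x)p\w+", re.I),
    "xss-script-tag": re.compile(r"((\%3C)|<)((\%2F)|\/)*(script)((\%3E)|>)", re.I),
    "directory-traversal": re.compile(r"((\.|%2E)(\.|%2E)(\/|%2F|\\|%5C))", re.I),
}


def url_encode(text: str) -> str:
    """URL encoding: each byte outside the unreserved set becomes '%' plus two hex digits."""
    return quote(text, safe="")


def hex_encode(text: str) -> str:
    """Hex encoding: every byte of the UTF-8 input becomes two characters from 0-9 and a-f."""
    return text.encode("utf-8").hex()


def hex_decode(encoded: str) -> str:
    """Inverse of hex_encode, so the application can still read the original value."""
    return bytes.fromhex(encoded).decode("utf-8")


def match_signatures(request: str) -> list[str]:
    """Run every signature over the raw request line and over its URL-decoded form.
    The exec signature expects a literal space or '+' between 'exec' and 'xp_', so it
    only fires once '%20' is decoded; the XSS and traversal signatures accept both."""
    views = (request, unquote_plus(request))
    return [name for name, rx in SIGNATURES.items() if any(rx.search(v) for v in views)]


# Constructed request lines (made up for this example, not taken from the page).
SAMPLE_REQUESTS = [
    "GET /catalog?item=1234 HTTP/1.1",
    "GET /admin?cmd=exec%20xp_cmdshell HTTP/1.1",
    "GET /search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1",
    "GET /download?file=..%2F..%2Fetc%2Fpasswd HTTP/1.1",
    "GET /login?user=admin%27%20OR%201%3D1-- HTTP/1.1",
]


def scan(requests=SAMPLE_REQUESTS) -> dict[str, list[str]]:
    """Map each request line to the list of signatures that fired on it."""
    return {r: match_signatures(r) for r in requests}


if __name__ == "__main__":
    print("url:", url_encode("' OR 1=1"))
    print("hex:", hex_encode("' OR 1=1"))
    for line, hits in scan().items():
        print(f"{hits or ['-']} {line}")
```

The last sample line, a quote-based tautology, matches none of the three signatures: those patterns cover stored-procedure execution, script injection and traversal, not every SQL meta-character, so a rule set built only from them has to be extended. Hex-encoding user input, as in the "a to f" question, changes how the value travels to the database; parameterized queries remain the control that keeps it out of the statement.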
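Worked example for the Johnson watering-hole preprocessing question above, added here and not part of the test bank. It carries the four preprocessing steps listed as answer options (host name normalization, filtering invalid host names, user-specific sessionization, identifying unpopular domains) through to the time-ordered domain sequences the question describes, over a constructed proxy log, and finishes with the sequential-pattern check that a watering-hole hunt builds on. The log lines, the 30-minute session gap and the function names are assumptions for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed proxy log sample (made up for this example, not from the page).
# Each line: "<ISO-8601 timestamp> <user> <host[:port]>" as a proxy might export it.
PROXY_LOG = """\
2024-05-01T09:00:00 alice www.example.com
2024-05-01T09:00:05 alice WWW.Example.COM:443
2024-05-01T09:01:30 alice cdn.example-static.net
2024-05-01T09:02:00 alice not_a_host
2024-05-01T11:00:00 alice industry-news.example.org
2024-05-01T11:00:07 alice rare-download.example.biz
2024-05-01T09:10:00 bob www.example.com
2024-05-01T09:12:00 bob industry-news.example.org
2024-05-01T09:12:03 bob rare-download.example.biz
"""

HOST_RE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$")


def normalize_host(raw: str):
    """Host name normalization: lower-case, drop the port and any trailing dot.
    Returns None for strings that are not valid host names (the filtering step)."""
    host = raw.strip().lower().split(":", 1)[0].rstrip(".")
    return host if HOST_RE.match(host) else None


def parse_log(text: str):
    """Parse lines into (timestamp, user, host) records, dropping invalid host names."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        ts_str, user, raw_host = parts
        host = normalize_host(raw_host)
        if host is None:
            continue
        records.append((datetime.fromisoformat(ts_str), user, host))
    return records


def sessionize(records, gap=timedelta(minutes=30)):
    """User-specific sessionization: per user, sort by time and start a new session
    whenever two consecutive requests are further apart than `gap` (assumed 30 min).
    Each session is a time-ordered domain sequence with consecutive repeats collapsed."""
    by_user = defaultdict(list)
    for ts, user, host in records:
        by_user[user].append((ts, host))
    sessions = {}
    for user, visits in by_user.items():
        visits.sort()
        user_sessions, current, last_ts = [], [], None
        for ts, host in visits:
            if last_ts is not None and ts - last_ts > gap:
                user_sessions.append(current)
                current = []
            if not current or current[-1] != host:
                current.append(host)
            last_ts = ts
        if current:
            user_sessions.append(current)
        sessions[user] = user_sessions
    return sessions


def unpopular_domains(records, max_users=1):
    """Identify unpopular domains: those seen by at most `max_users` distinct users."""
    users_per_domain = defaultdict(set)
    for _, user, host in records:
        users_per_domain[host].add(user)
    return sorted(d for d, users in users_per_domain.items() if len(users) <= max_users)


def shared_sequences(sessions, n=2, min_users=2):
    """Sequential-pattern step: n-grams of consecutive domains that occur in sessions
    of at least `min_users` distinct users. A popular site followed by the same
    rarely visited domain across several users is the watering-hole shape."""
    users_per_ngram = defaultdict(set)
    for user, user_sessions in sessions.items():
        for seq in user_sessions:
            for i in range(len(seq) - n + 1):
                users_per_ngram[tuple(seq[i:i + n])].add(user)
    return sorted(ng for ng, users in users_per_ngram.items() if len(users) >= min_users)


def analyze(text=PROXY_LOG):
    """Run the whole preprocessing pipeline and return its intermediate results."""
    records = parse_log(text)
    sessions = sessionize(records)
    return {
        "sessions": sessions,
        "unpopular": unpopular_domains(records),
        "shared_bigrams": shared_sequences(sessions),
    }


if __name__ == "__main__":
    result = analyze()
    for user, user_sessions in result["sessions"].items():
        for i, seq in enumerate(user_sessions, 1):
            print(f"{user} session {i}: {' -> '.join(seq)}")
    print("unpopular:", result["unpopular"])
    print("shared bigrams:", result["shared_bigrams"])
```

In the sample, the invalid host and the duplicate of www.example.com disappear during normalization, alice's two-hour gap splits her traffic into two sessions, and the only domain sequence shared by both users is industry-news.example.org followed by rare-download.example.biz, which is the pair an analyst would pull out for the next stage of the investigation.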