After imaging a disk as part of an investigation, a forensics analyst wants to hash the image using a tool that supports piecewise hashing. Which of the following tools should the analyst use?
A. md5sum
B. sha256sum
C. md5deep
D. hashdeep
An incident responder has collected network capture logs in a text file, separated by five or more data fields. Which of the following is the BEST command to use if the responder would like to print the file (to terminal/screen) in numerical order?
A. cat | tac
B. more
C. sort -n
D. less
A web server is under a denial of service (DoS) attack. The administrator reviews logs and creates an access control list (ACL) to stop the attack. Which of the following technologies could perform these steps automatically in the future?
A. Intrusion prevention system (IPS)
B. Intrusion detection system (IDS)
C. Blacklisting
D. Whitelisting
While performing routine maintenance on a Windows Server, a technician notices several unapproved Windows Updates and that remote access software has been installed. The technician suspects that a malicious actor has gained access to the system. Which of the following steps in the attack process does this activity indicate?
A. Expanding access
B. Covering tracks
C. Scanning
D. Persistence
Nmap is a tool most commonly used to:
A. Map a route for war-driving
B. Determine who is logged onto a host
C. Perform network and port scanning
D. Scan web applications
Recently, a cybersecurity research lab discovered that there is a hacking group focused on hacking into the computers of financial executives in Company A to sell the exfiltrated information to Company B. Which of the following threat motives does this MOST likely represent?
A. Desire for power
B. Association/affiliation
C. Reputation/recognition
D. Desire for financial gain
It was recently discovered that many of an organization's servers were running unauthorized cryptocurrency mining software. Which of the following assets were being targeted in this attack? (Choose two.)
A. Power resources
B. Network resources
C. Disk resources
D. Computing resources
E. Financial resources
A company website was hacked via the following SQL query:
SELECT email, passwd, login_id, full_name FROM members WHERE email = "[email protected]"; DROP TABLE members; ?
Which of the following did the hackers perform?
A. Cleared tracks of [email protected] entries
B. Deleted the entire members table
C. Deleted the email password and login details
D. Performed a cross-site scripting (XSS) attack
A security administrator needs to review events from different systems located worldwide. Which of the following is MOST important to ensure that logs can be effectively correlated?
A. Logs should be synchronized to their local time zone.
B. Logs should be synchronized to a common, predefined time source.
C. Logs should contain the username of the user performing the action.
D. Logs should include the physical location of the action performed.
An incident at a government agency has occurred and the following actions were taken:
-Users have regained access to email accounts
-Temporary VPN services have been removed
-Host-based intrusion prevention system (HIPS) and antivirus (AV) signatures have been updated
-Temporary email servers have been decommissioned
Which of the following phases of the incident response process match the actions taken?
A. Containment
B. Post-incident
C. Recovery
D. Identification