Quiz Summary
Question 1 of 60
A company’s database has been breached, and the attackers have gained access to sensitive data. The incident response team has successfully contained the attack and identified the vulnerabilities that allowed the breach to occur. What is the appropriate next step in the eradication and recovery process?
Question 2 of 60
In an organization, a malware attack has caused significant damage to the system, and the incident response team has decided to reconstitute the resources. What should the team do FIRST in the reconstitution process?
Question 3 of 60
A company’s database has been infected with ransomware, and the incident response team has decided to reconstitute the resources. What should the team do before restoring the data from backups?
Question 4 of 60
A company’s website has been hit by a DDoS attack, causing it to go offline. Which of the following incident response procedures is most appropriate for restoring the company’s website?
Question 5 of 60
A company’s database has been compromised, resulting in the theft of customer data. Which of the following incident response procedures is MOST appropriate for restoring the company’s customer trust?
Question 6 of 60
A security incident occurred in an organization, and the incident response team successfully eradicated the threat. What is the NEXT appropriate step in the incident response process?
Question 7 of 60
A company has suffered a data breach in which sensitive customer information was stolen. The incident response team has completed its investigation, and they need to decide how to handle the evidence that was collected. What should they do with the evidence?
Question 8 of 60
A company’s system administrator has identified a suspicious file on a server that was previously compromised by a hacker. The system administrator has removed the file from the server and is now required to retain the evidence for further analysis. Which of the following is the appropriate incident response procedure in this situation?
Question 9 of 60
A company experienced a data breach that compromised sensitive customer information, and the incident response team successfully contained and recovered from the breach. As part of the post-incident activities, the incident response team wants to create a lessons-learned report. Which of the following is the primary goal of the lessons-learned report?
Question 10 of 60
A company has recently experienced a data breach, and the incident response team has identified that the root cause was a misconfiguration of access controls. The team has determined that a change control process needs to be implemented to prevent similar incidents from occurring. What is the appropriate post-incident activity that should be carried out to implement the change control process?
Question 11 of 60
A company’s incident response team has just completed its investigation of a data breach that occurred due to a vulnerability in its software. The team has determined that the software needs to be patched to prevent future incidents. What is the appropriate post-incident activity that should be carried out to ensure the software is properly updated?
Question 12 of 60
After successfully mitigating a ransomware attack, an incident response team has identified areas in their incident response plan that could be improved to prevent future incidents. What should be the NEXT step in their incident response procedure?
Question 13 of 60
In the aftermath of a data breach incident, an organization’s incident response team realizes that its current incident response plan does not address some of the newly discovered attack vectors. What should be the NEXT step in their incident response procedure?
Question 14 of 60
After resolving a security incident, a security team has identified several areas for improvement in their incident response process. What is the appropriate post-incident activity for the team to perform NEXT?
Question 15 of 60
During an incident response investigation, a security analyst has completed containment, eradication, and recovery procedures. What is the appropriate post-incident activity that the analyst should perform NEXT?
Question 16 of 60
A company’s network was recently breached, and the incident response team has contained the threat and removed the malicious files. What should be the next step in the post-incident activity?
Question 17 of 60
A company recently experienced a data breach that exposed customer data. The incident response team has successfully contained the breach, and the next step is to perform post-incident activities. What is the appropriate step for generating IoCs?
Question 18 of 60
What is the main benefit of implementing continuous monitoring during post-incident activities?
Question 19 of 60
During post-incident activities, what is the purpose of monitoring the network?
Question 20 of 60
A security analyst notices a sudden increase in network bandwidth usage, which is unusual for this time of day. Upon further investigation, the analyst discovers that a large number of machines are communicating with an external IP address that is not associated with any authorized business activity. Which of the following is the most likely indicator of compromise?
Question 21 of 60
A company is experiencing slow network performance and increased latency. During the investigation, the security team identifies an unusually high amount of data being transmitted to a specific IP address. Which of the following is the MOST likely indicator of compromise?
Question 22 of 60
A security analyst notices unusual network activity on the organization’s network. The analyst reviews network traffic and identifies a high number of small, periodic communications between an internal host and an external IP address. This communication pattern has persisted for several days. What indicator of compromise does this behavior suggest?
Question 23 of 60
A security analyst is monitoring network traffic and notices a significant amount of data being transferred between two endpoints on the network that typically do not communicate with each other. The communication occurs at irregular intervals and is encrypted. What is a potential indicator of compromise?
Question 24 of 60
A company has a strict policy that only authorized devices are allowed on the network. A network administrator has discovered an unauthorized device on the network and suspects it could be a rogue device. Which of the following would be an indicator of a rogue device on the network?
Question 25 of 60
A security analyst has noticed suspicious network activity in which an unknown device is communicating with a few other devices on the network. Further investigation reveals that the device has been connected to the network without the knowledge of the IT team. What is the potential indicator of compromise in this scenario?
Question 26 of 60
A security analyst notices a sudden increase in network traffic on a specific port. Upon further investigation, they discover that the traffic is coming from an external IP address and is targeting a specific internal host. What could be the potential indicator of compromise?
Question 27 of 60
A security analyst is investigating a potential compromise on a server in the corporate network. Upon review of the server logs, the analyst notices a significant spike in processor consumption over the past few days. Which of the following is the MOST likely indicator of compromise?
Question 28 of 60
An employee reports that their workstation is running very slowly and freezing frequently. The security team investigates and finds that the processor consumption on the workstation is unusually high. Which of the following is the MOST likely indicator of compromise?
Question 29 of 60
An organization’s IT team receives an alert that a workstation is consuming an unusually high amount of memory. The workstation is used by a user in the finance department and contains sensitive financial information. The IT team suspects that the workstation may be compromised. Which of the following could be a potential indicator of compromise related to the workstation’s memory consumption?
Question 30 of 60
During a routine scan, a security analyst notices that one of the company’s web servers is consuming an abnormally high amount of memory. The server hosts a web application that has been known to have vulnerabilities in the past. The analyst suspects that the server may have been compromised. Which of the following is the MOST likely cause of the high memory consumption on the web server?
Question 31 of 60
A security analyst notices that the available storage space on a server has decreased significantly over the past few days. The server hosts sensitive data, and it’s crucial to identify the cause of the problem. After investigating, the analyst finds that the server’s logs show a large number of file access requests that started around the time the storage space began decreasing. What potential indicator of compromise does this scenario suggest?
Question 32 of 60
You are analyzing the memory usage of a workstation and notice that the system’s available memory has been decreasing steadily over the past few hours. What could be the potential indicator of compromise?
Question 33 of 60
During a routine security audit, you notice a process running on a critical server that you do not recognize. Upon further investigation, you find that the process has been running for several weeks and is using a significant amount of resources. Which of the following is the MOST likely indicator of compromise in this scenario?
Question 34 of 60
A security analyst is reviewing logs from a company’s endpoint protection system and notices that a user has installed a software package that is not included in the list of approved applications. The software was installed using an administrator account, but the user did not notify the IT department or follow proper procedures for software installation. Which of the following BEST describes the potential indicator of compromise in this scenario?
Question 35 of 60
During a routine security audit, an administrator notices that a new user account has been created with full administrative privileges on a critical server. The account was not requested or authorized by anyone in the organization. Which of the following is the MOST likely explanation for this indicator of compromise?
Question 36 of 60
An organization’s security team discovers a suspicious process running on an employee’s computer. The process was found to have elevated privileges and was using network resources to communicate with a command and control server. Which of the following is the MOST likely explanation for this indicator of compromise?
Question 37 of 60
You are examining a Linux server that has been experiencing unusual activity. Upon further investigation, you find that the crontab has been modified to run a suspicious process every minute. Additionally, the process is running with root privileges. What is a potential indicator of compromise in this scenario?
Question 38 of 60
A company’s security analyst noticed that a file on a user’s computer had been modified and renamed with a .exe extension. Upon further investigation, it was discovered that the file was malicious software that was sending sensitive data to an external server. Which of the following could be a potential indicator of compromise related to file system changes or anomalies?
Question 39 of 60
A company’s server admin noticed unusual activity on a file server. Upon investigation, they discovered that some files had been accessed and modified without authorization. Which of the following could be a potential indicator of compromise related to file system changes or anomalies?
Question 40 of 60
During a routine security check, an analyst discovers a scheduled task on a Windows server that they don’t recognize. The task is set to run a script every night at midnight. What is the potential indicator of compromise?
Question 41 of 60
A company’s financial application is behaving strangely. Transactions are taking much longer than usual to complete, and the system is generating unusual error messages. Upon investigation, the security analyst discovers that the system is processing a large number of transactions from an unexpected IP address. What potential indicator of compromise does this scenario describe?
Question 42 of 60
A company’s IT team receives a report from an employee about a suspicious email they received that contained a link to a website. Upon investigation, the IT team discovers that the website contained malware that was designed to steal login credentials. Further analysis reveals that several new user accounts were created on the company’s server around the same time the email was received. What is the MOST likely indicator of compromise (IoC) in this scenario?
Question 43 of 60
You are a network analyst working for a financial services firm. You have been asked to investigate suspicious network activity that may be related to a data breach. You suspect that a particular workstation may be the source of the activity. Which of the following would be the MOST appropriate use of Wireshark in this situation?
Question 44 of 60
A company is investigating a suspected data exfiltration incident. The incident response team has decided to use Wireshark to capture network traffic and analyze it for any signs of unauthorized data transfer. While analyzing the packet capture, they notice several packets containing sensitive information that are being sent to an external IP address. What could be a possible course of action in this scenario?
Question 45 of 60
You work as a security analyst for a large corporation. You receive a report that one of the company’s servers has been compromised. You have physical access to the server and want to perform a packet capture using Wireshark to identify potential malicious traffic. Which of the following is the MOST appropriate way to capture network traffic in this scenario?
Question 46 of 60
You suspect that a host on your network has been infected with malware, and you need to capture the network traffic to analyze it for any unusual or malicious activity. Which of the following tcpdump commands should you use to capture all network traffic to and from the host?
Question 47 of 60
In an incident response investigation, you are tasked with capturing network traffic to determine the source of a suspected attack. Which of the following commands should you use to capture and analyze network traffic in real-time using tcpdump?
Question 48 of 60
In response to a security incident, you have been tasked with capturing network traffic on your organization’s web server. Which of the following tcpdump command options will capture traffic for all network interfaces?
Question 49 of 60
You suspect that an attacker is trying to use a network vulnerability to gain unauthorized access to your organization’s database server. Which tcpdump command option would be most useful in capturing traffic related to this activity?
Question 50 of 60
In investigating a suspected data breach on an endpoint, a digital forensics analyst uses a disk imaging tool to make a copy of the hard drive. What is the primary advantage of this technique in the investigation process?
Question 51 of 60
During a forensic investigation, you suspect that a malware infection has occurred on an endpoint. Which of the following memory analysis techniques would be most useful in this scenario?
Question 52 of 60
A company’s security team is investigating an incident involving a lost company-owned smartphone that contains sensitive company data. The team wants to recover any data that may be present on the device. Which of the following digital forensic techniques is MOST appropriate in this scenario?
Question 53 of 60
A company uses a cloud-based storage solution to store sensitive customer data. The IT team receives an alert that unauthorized access was attempted. You are tasked with investigating the incident using basic digital forensics techniques. Which of the following techniques is the MOST appropriate for this scenario?
Question 54 of 60
A company has a virtualized environment that runs multiple virtual machines (VMs) on a single physical server. The IT department receives an alert that one of the VMs has been communicating with a known malicious IP address. The IT department decides to investigate the virtual machine’s network traffic to identify any indicators of compromise. Which digital forensics technique is being used here?
Question 55 of 60
A law enforcement agency has seized a suspect’s laptop during a raid. The laptop is believed to contain evidence related to a cybercrime investigation. What digital forensics technique should the agency utilize to preserve the data on the laptop?
Question 56 of 60
A company is being sued by a former employee for wrongful termination. The company is under a legal obligation to preserve all relevant digital data for the duration of the lawsuit. Which of the following digital forensics techniques should the company utilize to comply with this legal hold?
Question 57 of 60
A company’s security team has been alerted to a potential security incident involving an employee who may have been involved in unauthorized activities. What digital forensics technique should the security team utilize to investigate the incident’s procedures?
Question 58 of 60
During an investigation, a forensic analyst needs to ensure the integrity of the collected data. Which of the following techniques can be used to achieve this goal?
Question 59 of 60
During a digital forensic investigation, you come across a damaged hard drive that may contain evidence relevant to the case. You decide to use carving to recover any files that may still be intact. Which of the following is a correct statement about carving?
Question 60 of 60
You are tasked with acquiring data from a USB drive that may have been used in a cyber attack. Which of the following steps should you take FIRST before acquiring the data?