Question 1
Which of the following is defined as the identification of the boundaries of an IT system along with the resources and information that constitute the system?
Correct answer: C
Explanation: (visible to NewDumps members only)
Question 2
After a recent email attack, Harry is analyzing the incident to obtain important information related to it. While investigating, he is trying to extract information such as the sender's identity, the mail server, the sender's IP address, location, and so on.
Which of the following tools must Harry use to perform this task?
Correct answer: B
Question 3
In which of the following phases of the incident handling and response (IH&R) process are the identified security incidents analyzed, validated, categorized, and prioritized?
Correct answer: D
Question 4
An international insurance provider observed a sharp rise in endpoint infections across geographically dispersed offices. The IR team correlated the infections with recent access to a series of trusted informational websites visited during routine research activities. After cross-referencing network telemetry and endpoint logs, analysts uncovered that these sites had been covertly altered by threat actors to include obfuscated scripts that launched on page render. Upon visiting the tampered content, a series of exploit chains were executed, targeting unpatched vulnerabilities in the rendering engines of commonly used client applications. The malicious code was injected directly into volatile memory, allowing the payload to operate stealthily without initiating file creation events or prompting user interaction. Security tools failed to detect the compromise in real time due to the absence of conventional indicators such as user-triggered executions or external file transfers. Which web-based malware delivery technique is MOST consistent with the described attack?
Correct answer: B
Question 5
Lara, a SOC analyst, investigates multiple alerts generated by an IDS showing repeated login failures from a specific workstation to an internal application. When reviewing the Windows Event Viewer logs, she discovers a user repeatedly attempting logins outside of working hours. Further checks reveal the user had installed an unauthorized remote desktop tool. Which of the following best describes this situation?
Correct answer: B
Question 6
ZYX company experienced a DoS/DDoS attack on their network. Upon investigating the incident, they concluded that it was an application-layer attack. Which of the following attacks did the attacker use?
Correct answer: D
Question 7
Sophia, an incident handler at a cloud hosting provider, is investigating reports of intermittent web server slowdowns and timeouts. Upon analyzing router logs, she finds an unusually high number of incomplete connection attempts, causing the server's memory and CPU usage to spike. Suspecting a form of resource exhaustion attack, she applies a protective configuration to the router that allows it to validate connection requests before they reach the server. Soon after this change, the number of partial connections decreases and the server regains stable performance. What was the purpose of this action?
Correct answer: C
Question 8
Which of the following is NOT a network forensic tool?
Correct answer: B
Question 9
Which stage of the incident response and handling process involves auditing the system and network log files?
Correct answer: D