Latest Exam Prep

Q118. Contingency planning enables organizations to develop and maintain effective methods to handle
emergencies. Every organization will have its own specific requirements that the planning should address.
There are five major components of the IT contingency plan, namely supporting information, notification
activation, recovery and reconstitution and plan appendices. What is the main purpose of the reconstitution
plan?

Q119. Digital evidence must:

Q120. The ability of an agency to continue to function even after a disastrous event, accomplished through the deployment of redundant hardware and software, the use of fault tolerant systems, as well as a solid backup and recovery strategy is known as:

Q121. Organizations or incident response teams need to protect the evidence for any future legal actions that may be taken against perpetrators that intentionally attacked the computer system. EVIDENCE PROTECTION is also required to meet legal compliance issues. Which of the following documents helps in protecting evidence from physical or logical damage:

Q122. One of the goals of CSIRT is to manage security problems by taking a certain approach towards the customers’ security vulnerabilities and by responding effectively to potential information security incidents. Identify the incident response approach that focuses on developing the infrastructure and security processes before the occurrence or detection of an event or any incident:

Q123. In a qualitative risk analysis, risk is calculated in terms of:

Q124. Introduction of malicious programs on to the device connected to the campus network (Trojan Horse, email bombs, virus, etc.) is called?

Q125. The insider risk matrix consists of technical literacy and business process knowledge vectors. Considering the matrix, one can conclude that:

Q126. Jacobi san employee at a firm called Dolphin Investment. While he was on duty, he identified that his computer was facing some problems, and he wanted to convey the issue to the c once med authority in his organization. However, this organization currently does not have a ticketing system to address such types of issues.
In the above scenario, which of the following ticketing systems can be employed by Dolphin Investment to allow Jacob to inform the c once med team about the incident?

Q127. The goal of incident response is to handle the incident in a way that minimizes damage and reduces recovery time and cost. Which of the following does NOT constitute a goal of incident response?

Q128. Which of the following is not a countermeasure to eradicate cloud security incidents?

Q129. Which of the following terms may be defined as “a measure of possible inability to achieve a goal, objective, or target within a defined security, cost plan and technical limitations that adversely affects the organization’s operation and revenues?

Q130. An organization faced an information security incident where a disgruntled employee passed sensitive access
control information to a competitor. The organization’s incident response manager, upon investigation, found
that the incident must be handled within a few hours on the same day to maintain business continuity and
market competitiveness. How would you categorize such information security incident?

Q131. Which test is conducted to determine the incident recovery procedures effectiveness?

Q132. Which of the following best describes an email issued as an attack medium, in which several messages are sent to a mailbox to cause over fi ow?

Q133. James has been appointed as an incident handing and response (IH&R) team lead and was assigned to build an IH&R plan and his own team in the company. Identify the IH&R process step James is currently working on.

Q134. Otis is an incident handler working in an organization called Delmont. Recently, the organization faced several setbacks in business, whereby its revenues are decreasing. Otis was asked to take charge and look into the matter. While auditing the enterprise security, he found traces of an attack through which proprietary information was stolen from the enterprise network and passed on to their competitors.
Which of the following information se cunty incidents did Delmont face?

Q135. Which among the following CERTs is an Internet provider to higher education institutions and various other research institutions in the Netherlands and deals with all cases related to computer security incidents in which a customer is involved either as a victim or as a suspect?

Q136. To effectively describe security incidents, it is necessary to adopt a common set of terminology and to categorize the incidents.
According to ECIH text, in which category would you place an incident that involves illegal file download by a suspected or unknown user?

Q137. Your company sells SaaS, and your company itself is hosted in the cloud (using it as a PaaS).
In case of a malware incident in your customer’s database, who is responsible for eradicating the malicious software?

Q138. Which of the following encoding techniques replaces unusual ASCII characters with “%” followed by the character’s two-digit ASCII code expressed in hexadecimal?

Q139. Which of the following terms refers to vulnerable account management functions, including account update, recovery of forgotten or lost passwords, and password reset, that might weaken valid authentication schemes?