Which of the following terms may be defined as “a measure of possible inability to achieve a goal, objective, or ...


A Distributed Denial of Service (DDoS) attack is a more common type of DoS attack, where a single system is target ...


The goal of incident response is to handle the incident in a way that minimizes damage and reduces recovery time a ...


An organization faced an information security incident where a disgruntled employee passed sensitive access contro ...


Business continuity is defined as the ability of an organization to continue to function even after a disastrous e ...


The flow chart gives a view of different roles played by the different personnel of CSIRT. Identify the incident ...


Which of the following is an appropriate flow of the incident recovery steps?


A computer risk policy is a set of ideas to be implemented to overcome the risk associated with computer securit ...


Identify the network security incident where intended authorized users are prevented from using system, network, ...


Incident handling and response steps help you to detect, identify, respond and manage an incident. Which of the ...


Identify the malicious program that is masked as a genuine harmless program and gives the attacker unrestricted ...


Quantitative risk is the numerical determination of the probability of an adverse event and the extent of the lo ...


An incident recovery plan is a statement of actions that should be taken before, during or after an incident. Id ...


Risk is defined as the probability of the occurrence of an incident. Risk formulation generally begins with the ...


An audit trail policy collects all audit trails, such as a series of records of computer events, about an operating ...


Computer forensics is a methodical series of techniques and procedures for gathering evidence from computing equip ...


Multiple component incidents consist of a combination of two or more attacks in a system. Which of the following ...


Computer Forensics is the branch of forensic science in which legal evidence is found in any computer or any dig ...


The network perimeter should be configured in such a way that it denies all incoming and outgoing traffic/ servi ...


A US Federal agency network was the target of a DoS attack that prevented and impaired the normal authorized fun ...


US-CERT and Federal civilian agencies use the reporting timeframe criteria in the federal agency reporting cate ...


Identify a standard national process which establishes a set of activities, general tasks and a management struc ...


Policies are designed to protect the organizational resources on the network by establishing the set rules and p ...


When an employee is terminated from his or her job, what should be the next immediate step taken by an organizat ...


A threat source does not present a risk if NO vulnerability that can be exercised for a particular threat source ...


In the Control Analysis stage of NIST’s risk assessment methodology, technical and non-technical cont ...


Which of the following incident recovery testing methods works by creating a mock disaster, such as a fire, to identif ...


An incident is analyzed for its nature, intensity and its effects on the network and systems. Which stage of the ...


Which among the following CERTs is an Internet provider to higher education institutions and various other resea ...


One of the main objectives of incident management is to prevent incidents and attacks by tightening the physical ...


Risk management consists of three processes: risk assessment, mitigation and evaluation. Risk assessment deter ...


Insider threats can be detected by observing concerning behaviors exhibited by insiders, such as conflicts with ...


Contingency planning enables organizations to develop and maintain effective methods to handle emergencies. Ever ...


The insider risk matrix consists of technical literacy and business process knowledge vectors. Considering the m ...


Which policy recommends controls for securing and tracking organizational resources:


Which one of the following is the correct sequence of flow of the stages in an incident response:


Organizations or incident response teams need to protect the evidence for any future legal actions that may be t ...


Except for some common roles, the roles in an IRT are distinct for every organization. Which among the following ...


The data on the affected system must be backed up so that it can be retrieved if it is damaged during incident r ...


In a qualitative risk analysis, risk is calculated in terms of:


A computer virus hoax is a message warning the recipient of a non-existent computer virus. The message is usually ...


In which of the steps of NIST’s risk assessment methodology are the boundary of the IT system, along with ...


Adam, an employee from a multinational company, uses his company’s accounts to send e-mails to a third pa ...


A security policy will take the form of a document or a collection of documents, depending on the situation or u ...


An access control policy authorizes a group of users to perform a set of actions on a set of resources. Access t ...


Computer viruses are malicious software programs that infect computers and corrupt or delete the data on them. I ...


The type of relationship between a CSIRT and its constituency has an impact on the services provided by the CSIRT ...


Digital evidence plays a major role in prosecuting cyber criminals. John, a cyber crime investigator, is aske ...


An estimation of the expected losses after an incident helps an organization in prioritizing and formulating their ...


Which of the following incidents are reported under the CAT 5 federal agency category?


One of the goals of a CSIRT is to manage security problems by taking a certain approach towards the customers’ ...


A computer forensic investigator must perform a proper investigation to protect digital evidence. During the inv ...


The incident management team provides support to all users in the organization that are affected by the threat or at ...


A risk mitigation strategy determines the circumstances under which an action has to be taken to minimize and ov ...


Based on some statistics, what is the typical number one top incident?


An adversary who attacks information resources to gain undue advantage is called:


An assault on system security that is derived from an intelligent threat is called:


The IDS and IPS system logs indicate an unusual deviation from typical network traffic flows; this is called: ...


The largest number of cyber attacks are conducted by:


The sign of an incident that may happen in the future is called:


Incidents such as DDoS that should be handled immediately may be considered as:


Total cost of disruption of an incident is the sum of


Incident prioritization must be based on:


An information security incident is


Which of the following can be considered synonymous:


If the anticipated loss is greater than the agreed-upon threshold, the organization will:


A payroll system has a vulnerability that cannot be exploited by current technology. Which of the following is c ...


Overall likelihood rating of a threat to exploit a vulnerability is driven by:


Absorbing minor risks while preparing to respond to major ones is called:


The leftover risk after implementing a control is called:


Adam calculated the total cost of a control to protect $10,000 worth of data as $20,000. What do you advise Ad ...


What is correct about Quantitative Risk Analysis:


Which of the following is a risk assessment tool:


In the NIST risk assessment methodology, the process of identifying the boundaries of an IT system along with the r ...


Performing Vulnerability Assessment is an example of a:


The correct sequence of Incident Response and Handling is:


Preventing the incident from spreading and limiting the scope of the incident is known as:


What is the best staffing model for an incident response team if current employees’ expertise is very low? ...


The correct sequence of incident management process is:


Incident response team must adhere to the following:


Which of the following is an incident tracking, reporting and handling tool:


Removing or eliminating the root cause of the incident is called:


Which of the following is a correct statement about incident management, handling and response:


Incident Response Plan requires


The service organization that provides 24x7 computer security incident response services to any user, company, g ...


The main feature offered by PGP Desktop Email is:


Which of the following service(s) is provided by the CSIRT:


The role that applies appropriate technology and tries to eradicate and recover from the incident is known as: ...


CERT members can provide critical support services to first responders such as:


The region that the CSIRT is bound to serve, and whom it provides service to, is known as:


The program that helps to train people to be better prepared to respond to emergency situations in their communi ...


CSIRT can be implemented at:


The typical correct sequence of activities used by CSIRT when handling a case is:


Common name(s) for CSIRT is(are)


An active vulnerability scanner featuring high speed discovery, configuration auditing, asset profiling, sensiti ...


The free, open source, TCP/IP protocol analyzer, sniffer and packet capturing utility standard across many indus ...


Installing a password cracking tool, downloading pornography material, sending emails to colleagues which irri ...


Changing the web server contents, accessing the workstation using a false ID and copying sensitive data without ...


To respond to DDoS attacks, one of the following strategies can be used:


The very well-known free, open source port, OS and service scanner and network discovery utility is called:


In a DDoS attack, attackers first infect multiple systems, which are then used to attack a particular target dir ...


The open source TCP/IP network intrusion prevention and detection system (IDS/IPS), uses a rule driven language ...


A Malicious code attack using emails is considered as:


The type of attack that prevents authorized users from accessing networks, systems, or applications by exhaustin ...


A malware code that infects computer files, corrupts or deletes the data in them and requires a host file to pro ...


___________________ record(s) user’s typing.


Which of the following is a characteristic of adware?


________________ attach(es) to files


A self-replicating malicious code that does not alter files but resides in active memory and duplicates itself, ...


A malicious security-breaking code that is disguised as a useful program and installs executable programs ...


The message that is received and requires an urgent action and it prompts the recipient to delete certain files ...


The free utility which quickly scans Systems running Windows OS to find settings that may have been changed by s ...


The Malicious code that is installed on the computer without user’s knowledge to acquire information from ...


A software application in which advertising banners are displayed while the program is running that delivers ads ...


A host is infected by worms that propagate through a vulnerable service; the sign(s) of the presence of the wor ...


The main difference between viruses and worms is:


The sign(s) of the presence of malicious code on a host infected by a virus which is delivered via e-mail could ...


Which of the following is NOT one of the common techniques used to detect Insider threats:


Which of the following is NOT one of the techniques used to respond to insider threats:


Authorized users with privileged access who misuse the corporate informational assets and directly affect the c ...


Keyloggers do NOT:


Which is the incorrect statement about anti-keylogger scanners:


The USB tool (depicted below) that is connected to a male USB keyboard cable and is not detected by antispyware tools ...


Insiders understand corporate business functions. What is the correct sequence of activities performed by Inside ...


The spyware tool used to record a malicious user’s computer activities and keystrokes is called:


Insiders may be:


Which of the following may be considered as insider threat(s):


Lack of forensic readiness may result in:


The state of incident response preparedness that enables an organization to maximize its potential to use digita ...


Which of the following is NOT a digital forensic analysis tool:


The Linux command used to make binary copies of computer media and as a disk imaging tool if given a raw disk de ...


What command does a Digital Forensic Examiner use to display the list of all open ports and the associated IP ad ...


The individual who recovers, analyzes, and preserves computer and related materials to be presented as evidence ...


To recover, analyze, and preserve computer and related materials in such a way that it can be presented as evide ...


Any information of probative value that is either stored or transmitted in a digital form during a computer crim ...


Digital evidence must:


Which of the following is NOT one of the Computer Forensic types:


The correct order or sequence of the Computer Forensic processes is:


The person who offers his formal opinion as a testimony about a computer crime incident in the court of law is k ...


Electronic evidence may reside in the following:


A methodical series of techniques and procedures for gathering evidence, from computing equipment and various st ...


Incidents are reported in order to:


According to US-CERT, if an agency is unable to successfully mitigate a DoS attack it must be reported within: ...


Agencies do NOT report an information security incident because of:


An incident may be reported using/by:


To whom should an information security incident be reported?


The process of rebuilding and restoring the computer systems affected by an incident to normal operational stage ...


Business Continuity planning includes other plans such as:


Which test is conducted to determine the effectiveness of the incident recovery procedures?


Business Continuity provides a planning methodology that allows continuity in business operations:


The ability of an agency to continue to function even after a disastrous event, accomplished through the deploym ...


The steps followed to recover computer systems after an incident are:


The policy that defines which set of events needs to be logged in order to capture and review the important data ...


An information security policy must be:


The product of intellect that has commercial value and includes copyrights and trademarks is called:


The most common type(s) of intellectual property is(are):


Ensuring the integrity, confidentiality and availability of electronic protected health information of a patient ...


According to the Fourth Amendment of the USA PATRIOT Act of 2001, if a search does NOT violate a person’s “ ...


A bit-stream image copy of the digital evidence must be performed in order to:


According to the Evidence Preservation policy, a forensic investigator should make at least .................... ...


A living high level document that states in writing a requirement and directions on how an agency plans to prote ...