Which of the following actions should be done by the incident response team after completing the recovery phase of the cyber incident caused by malware?
Which two answer options are the BEST reasons to conduct post-incident reviews after an incident occurs in an organization? (Choose two.)
An organization was recently hit with a ransomware attack that encrypted critical documents and files that were stored on the corporate file server. Which of the following provides the organization with the BEST chance for recovering their data?
A company that maintains a public city infrastructure was breached, and information about future city projects was leaked. After the post-incident phase of the process has been completed, which of the following would be the PRIMARY focus of the incident response team?
A Windows system administrator has received notification from a security analyst regarding new malware that executes under the process name of “armageddon.exe” along with a request to audit all department workstations for its presence. In the absence of GUI-based tools, what command could the administrator execute to complete this task?
Which of the following methods are used by attackers to find new ransomware victims? (Choose two.)
Which of the following could be useful to an organization that wants to test its incident response procedures without risking any system downtime?
If a hacker is attempting to alter or delete system audit logs, in which of the following attack phases is the hacker involved?
During the forensic analysis of a compromised computer image, the investigator found that critical files are missing, caches have been cleared, and the history and event log files are empty. According to this scenario, which of the following techniques is the suspect using?
Which of the following is a method of reconnaissance in which a ping is sent to a target with the expectation of receiving a response?