Which of the following is the FIRST step taken to maintain the chain of custody in a forensic investigation?
Which two mitigation strategies can prevent an attack delivered via malware? (Choose two.)
A Linux system administrator found suspicious activity on host IP 192.168.10.121. This host is also establishing a connection to IP 88.143.12.123. Which of the following commands should the administrator use to capture only the traffic between the two hosts?
How does encryption work to protect information on remote workers' computers?
A company has noticed a trend of attackers gaining access to corporate mailboxes. Which of the following would be the BEST action to take to plan for this kind of attack in the future?
A system administrator has been tasked with developing highly detailed instructions for patching managed assets using the corporate patch management solution. These instructions are an example of which of the following?
Which of the following data sources could provide indication of a system compromise involving the exfiltration of data to an unauthorized destination?
While planning a vulnerability assessment on a computer network, which of the following is essential? (Choose two.)
The Key Reinstallation Attack (KRACK) vulnerability is specific to which types of devices? (Choose two.)
A secretary receives an email from a friend with a picture of a kitten in it. The secretary forwards it to the ~COMPANYWIDE mailing list and, shortly thereafter, users across the company receive the following message:
“You seem tense. Take a deep breath and relax!”
The incident response team is activated and opens the picture in a virtual machine to test it. After a short analysis, the following code is found in C:\Temp\chill.exe:
Powershell.exe –Command “do {(for /L %i in (2,1,254) do shutdown /r /m Error! Hyperlink reference not valid.> /f /t / 0 (/c “You seem tense. Take a deep breath and relax!”);Start-Sleep –s 900) } while(1)”
Which of the following BEST represents what the attacker was trying to accomplish?