NO.79 Chandler is a professional hacker who is targeting an organization called Technote. He wants to obtain important organizational information that is being transmitted between different hierarchies. In the process, he sniffs the data packets transmitted through the network and then analyzes them to gather packet details such as network, ports, protocols, devices, issues in network transmission, and other network specifications.
Which of the following tools can Chandler employ to perform packet analysis?

NO.80 Which of the following GPG 18 and Forensic readiness planning (SPF) principles states that “organizations should adopt a scenario based Forensic Readiness Planning approach that learns from experience gained within the business”?

NO.81 A US Federal Agency network was the target of a DoS attack that prevented and impaired the normal authorized functionality of the networks. According to the agency’s reporting timeframe guidelines, this incident should be reported within 2h of discovery/detection if the successful attack is still ongoing and the agency is unable to successfully mitigate the activity.
Which incident category of US Federal Agency does this incident belong to?

NO.82 Which of the following tools helps incident handlers to view the file system, retrieve deleted data, perform timeline analysis, web artifacts, etc., during an incident response process?

NO.83 XYZ Inc. was affected by a malware attack and James, being the incident handling and response (IH&R) team personnel handling the incident, found out that the root cause of the incident is a backdoor that has bypassed the security perimeter due to an existing vulnerability in the deployed firewall. James had contained the spread of the infection and removed the malware completely. Now the organization asked him to perform incident impact assessment to identify the impact of the incident over the organization and he was also asked to prepare a detailed report of the incident.
Which of the following stages in IH&R process is James working on?

NO.84 Drake is an incident handler in Dark CLoud Inc. He is intended to perform log analysis in order to detect traces of malicious activities within the network infrastructure.
Which of the following tools Drake must employ in order to view logs in real time and identify malware propagation within the network?

NO.85 Ikeo Corp.hired an incident response team to assess the enterprise security. As part of the incident handling and response process, the IR team is reviewing the current se cunty policies implemented by the enterprise. The IR team finds that employees of the organization do not have any restrictions on Internet access: they are allowed to visit any site, download any appl cation, and access a computer or network from a remote location. Considering this as the main security threat, the IR team plans to change this policy as it can be easily exploited by attackers.
Which of the following security policies is the IR team planning to modify?

NO.86 Removing or eliminating the root cause of the incident is called:

NO.87 lkeo Corp. has hired an incident response team to assess the enterprise security. As a part of the incident handing and response process, the IR team is reviewing the current security policies implemented by the enterprise. The IR team finds out that employees of the organization do not have any restrictions on Internet access, which means that they are allowed to visit any site, download any application, and access a computer or a network from a remote location. Considering this as a main security threat, the IR team plans to change this policy as it can be easily exploited by the attackers. Identify the security policy that the IR team is planning to modify.

NO.88 Farheen is an incident responder at reputed IT Firm based in Florida. Farheen was asked to investigate a recent cybercrime faced by the organization. As part of this process, she collected static data from a victim system.
She used DD tool command to perform forensic duplication to obtain an NTFS image of the original disk. She created a sector-by-sector mirror imaging of the disk and saved the output image file as image.dd.
Identify the static data collection process step performed by Farheen while collecting static data.

NO.89 Which of the following is a standard framework that provides recommendations for implementing information security controls for organizations that initiate, implement, or maintain information security management systems (ISMSs)?

NO.90 The insider risk matrix consists of technical literacy and business process knowledge vectors. Considering the matrix, one can conclude that:

NO.91 CSIRT can be implemented at:

NO.92 While analyzing a file, Ryan discovered that an attacker used an anti-forensics method, wherein the attacker embedded a hidden message inside an image file.
What type of method is this?

NO.93 The insider risk matrix consists of technical literacy and business process knowledge vectors. Considering the
matrix, one can conclude that: