An investigator is examining a copy of an ISO file that is stored in CDFS format.
What type of evidence is this file?

• A.data from a CD copied using Linux system
• B.data from a DVD copied using Windows system
• C.data from a CD copied using Windows
• D.data from a CD copied using Mac-based system

Comment: *

Name: *

Email: *

Verification: *

Drag and drop the elements from the left into the correct order for incident handling on the right.

Correct Answer:

Comment: *

Name: *

Email: *

Verification: *

Which system monitors local system operation and local network access for violations of a security policy?

• A.systems-based sandboxing
• B.host-based intrusion detection
• C.antivirus
• D.host-based firewall

Comment: *

Name: *

Email: *

Verification: *

Refer to the exhibit. An employee received an email from an unknown sender with an attachment and reported it as a phishing attempt. An engineer uploaded the file to Cuckoo for further analysis. What should an engineer interpret from the provided Cuckoo report?

• A.The file is clean and does not represent a risk.
• B.Win32.polip.a.exe is an executable file and should be flagged as malicious.
• C.Cuckoo cleaned the malicious file and prepared it for usage.
• D.MD5 of the file was not identified as malicious.

Comment: *

Name: *

Email: *

Verification: *

An analyst received an alert on their desktop computer showing that an attack was successful on the host.
After investigating, the analyst discovered that no mitigation action occurred during the attack. What is the reason for this discrepancy?

• A.The computer has a HIPS installed on it.
• B.The computer has a NIPS installed on it.
• C.The computer has a HIDS installed on it.
• D.The computer has a NIDS installed on it.

Comment: *

Name: *

Email: *

Verification: *