Refer to the exhibit.

Which two actions should be taken as a result of this information? (Choose two.)

• A.Update the AV to block any file with hash "cf2b3ad32a8a4cfb05e9dfc45875bd70".
• B.Block all emails sent from an @state.gov address.
• C.Block all emails with pdf attachments.
• D.Block emails sent from [email protected] with an attached pdf file with md5 hash
  "cf2b3ad32a8a4cfb05e9dfc45875bd70".
• E.Block all emails with subject containing "cf2b3ad32a8a4cfb05e9dfc45875bd70".

Comment: *

Name: *

Email: *

Verification: *

Forensics Techniques]What is the transmogrify anti-forensics technique?

• A.hiding a section of a malicious file in unused areas of a file
• B.sending malicious files over a public network by encapsulation
• C.concealing malicious files in ordinary or unsuspecting places
• D.changing the file header of a malicious file to another file type

Comment: *

Name: *

Email: *

Verification: *

An employee receives an email from a "trusted" person containing a hyperlink that is malvertising. The employee clicks the link and the malware downloads. An information analyst observes an alert at the SIEM and engages the cybersecurity team to conduct an analysis of this incident in accordance with the incident response plan. Which event detail should be included in this root cause analysis?

• A.phishing email sent to the victim
• B.alarm raised by the SIEM
• C.information from the email header
• D.alert identified by the cybersecurity team

Comment: *

Name: *

Email: *

Verification: *

What is a concern for gathering forensics evidence in public cloud environments?

• A.High Cost: Cloud service providers typically charge high fees for allowing cloud forensics.
• B.Configuration: Implementing security zones and proper network segmentation.
• C.Timeliness: Gathering forensics evidence from cloud service providers typically requires substantial time.
• D.Multitenancy: Evidence gathering must avoid exposure of data from other tenants.

Comment: *

Name: *

Email: *

Verification: *

A cybersecurity analyst must identify an unknown service causing high CPU on a Windows server. What tool should be used?

• A.Volatility to analyze memory dumps for forensic investigation
• B.Process Explorer from the Sysinternals Suite to monitor and examine active processes
• C.TCPdump to capture and analyze network packets
• D.SIFT (SANS Investigative Forensic Toolkit) for comprehensive digital forensics

Comment: *

Name: *

Email: *

Verification: *