A forensic analyst is asked to respond to an ongoing network attack on a server. Place the items in the list below in the correct order in which the forensic analyst should preserve them.

Correct Answer:

Explanation:
When dealing with multiple issues, address them in order of volatility (OOV); always deal with the most volatile first. Volatility can be thought of as the amount of time that you have to collect certain data before a window of opportunity is gone. Naturally, in an investigation you want to collect everything, but some data will exist longer than others, and you cannot possibly collect all of it once. As an example, the OOV in an investigation may be RAM, hard drive data, CDs/DVDs, and printouts.
Order of volatility: Capture system images as a snapshot of what exists, look at network traffic and logs, capture any relevant video/screenshots/hashes, record time offset on the systems, talk to witnesses, and track total man-hours and expenses associated with the investigation.

Comment: *

Name: *

Email: *

Verification: *

A systems administrator is installing and configuring an application service that requires access to read and write to log and configuration files on a local hard disk partition. The service must run as an account with authorization to interact with the file system. Which of the following would reduce the attack surface added by the service and account? (Choose two.)

• A.Use a unique managed service account.
• B.Enable and review account audit logs.
• C.Enforce least possible privileges for the account.
• D.Utilize a generic password for authenticating.
• E.Add the account to the local administrators group.
• F.Use a guest account placed in a non-privileged users group.

Comment: *

Name: *

Email: *

Verification: *

Recently several employees were victims of a phishing email that appeared to originate from the company president. The email claimed the employees would be disciplined if they did not click on a malicious link in the message. Which of the following principles of social engineering made this attack successful?

• A.Scarcity
• B.Spamming
• C.Authority
• D.Social proof

Comment: *

Name: *

Email: *

Verification: *

A security administrator wants to implement strong security on the company smart phones and terminal servers located in the data center.
Drag and drop the applicable controls to each asset types?
Instructions: Controls can be used multiple times and not all placeholders need to be filled. When you have completed the simulation, please select the Done button to submit.

Correct Answer:

Explanation

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the proper way to quantify the total monetary damage resulting from an exploited vulnerability?

• A.Calculate the TCO
• B.Calculate the MTBF
• C.Calculate the ALE
• D.Calculate the ARO

Comment: *

Name: *

Email: *

Verification: *