A user suspects someone has been accessing a home network without permission by spoofing the MAC address of an authorized system. While attempting to determine if an authorized user is logged into the home network, the user reviews the wireless router, which shows the following table for systems that are currently on the home network.

Which of the following should be the NEXT step to determine if there is an unauthorized user on the network?

• A.Deny the "unknown" host because the hostname is not known and MAC filtering is not applied to this host.
• B.Conduct a ping sweep of each of the authorized systems and see if an echo response is received.
• C.Apply MAC filtering and see if the router drops any of the systems.
• D.Physically check each of the authorized systems to determine if they are logged onto the network.

Comment: *

Name: *

Email: *

Verification: *

A forensic analyst is asked to respond to an ongoing network attack on a server. Place the items in the list below in the correct order in which the forensic analyst should preserve them.

Correct Answer:

Explanation:
When dealing with multiple issues, address them in order of volatility (OOV); always deal with the most volatile first. Volatility can be thought of as the amount of time that you have to collect certain data before a window of opportunity is gone. Naturally, in an investigation you want to collect everything, but some data will exist longer than others, and you cannot possibly collect all of it once. As an example, the OOV in an investigation may be RAM, hard drive data, CDs/DVDs, and printouts.
Order of volatility: Capture system images as a snapshot of what exists, look at network traffic and logs, capture any relevant video/screenshots/hashes, record time offset on the systems, talk to witnesses, and track total man-hours and expenses associated with the investigation.

Comment: *

Name: *

Email: *

Verification: *

A security administrator is choosing an algorithm to generate password hashes. Which of the following would offer the BEST protection against offline brute force attacks?

• A.MD5
• B.AES
• C.SHA-1
• D.3DES

Comment: *

Name: *

Email: *

Verification: *

A security engineer implements multiple technical measures to secure an enterprise network. The engineer also works with the Chief information Ofcer (CID) to implement policies to govern user behavior. Which of the following strategies is the security engineer executing?

• A.System hardening
• B.Base lining
• C.Mandatory access control
• D.Control diversity

Comment: *

Name: *

Email: *

Verification: *

A security analyst is reviewing the password policy for a service account that is used for a critical network service. The password policy for this account is as follows:

Which of the following adjustments would be the MOST appropriate for the service account?

• A.Set the maximum password age to 15 days
• B.Set the minimum password age to seven days
• C.Increase password length to 18 characters
• D.Disable account lockouts

Comment: *

Name: *

Email: *

Verification: *