Join the discussion
Question 122/148
A threat source does not present a risk if NO vulnerability that can be exercised for a particular threat source.
Identify the step in which different threat sources are defined:
Identify the step in which different threat sources are defined:
Correct Answer: C
Add Comments
- Other Question (148q)
- Q1. The Malicious code that is installed on the computer without user's knowledge to acquire i...
- Q2. A self-replicating malicious code that does not alter files but resides in active memory a...
- Q3. The product of intellect that has commercial value and includes copyrights and trademarks ...
- Q4. Which of the following terms refers to the personnel that the incident handling and respon...
- Q5. A methodical series of techniques and procedures for gathering evidence, from computing eq...
- Q6. Which of the following email security tools can be used by an incident handler to prevent ...
- Q7. An audit trail policy collects all audit trails such as series of records of computer even...
- Q8. ________________ attach(es) to files
- Q9. A user downloaded what appears to be genuine software. Unknown to her, when she installed ...
- Q10. Rossi san incident manager (IM) and his team provides support to all users in the organiza...
- Q11. The USB tool (depicted below) that is connected to male USB Keyboard cable and not detecte...
- Q12. Installing a password cracking tool, downloading pornography material, sending emails to c...
- Q13. Which of the following incidents are reported under CAT -5 federal agency category?...
- Q14. According to US-CERT; if an agency is unable to successfully mitigate a DOS attack it must...
- Q15. Incident may be reported using/ by:
- Q16. Which of the following confidentiality attacks do attackers try to lure users by posing th...
- Q17. A malicious security-breaking code that is disguised as any useful program that installs a...
- Q18. Which of the following types of digital evidence is temporarily stored in a digital device...
- Q19. Computer forensics is methodical series of techniques and procedures for gathering evidenc...
- Q20. Which of the following processes is referred to as an approach to respond to the security ...
- Q21. Computer viruses are malicious software programs that infect computers and corrupt or dele...
- Q22. In which of the following stages of the incident handling and response (IH&R) process ...
- Q23. Incident handling and response steps help you to detect, identify, respond and manage an i...
- Q24. Jason is an incident handler dealing with malware incidents. He was asked to perform a mem...
- Q25. After malware is removed from a system and a clean scan is returned, which of the followin...
- Q26. Business Continuity provides a planning methodology that allows continuity in business ope...
- Q27. Oscar receives an email from an unknown source containing his domain name oscar.com. Upon ...
- Q28. ADAM, an employee from a multinational company, uses his company's accounts to send e-mail...
- Q29. The message that is received and requires an urgent action and it prompts the recipient to...
- Q30. Jacobi san employee in Dolphin Investment firm. While he was on his duty, he identified th...
- Q31. Which of the following is the ECIH phase that involves removing or eliminating the root ca...
- Q32. Deleting malicious code and disabling breached user accounts are examples of which of the ...
- Q33. Alexis is working as an incident responder in XYZ organization. She was asked to identify ...
- Q34. An organization faced an information security incident where a disgruntled employee passed...
- Q35. Alexa downloaded a movie file. However, upon execution, it unleashed a dangerous program t...
- Q36. Preventing the incident from spreading and limiting the scope of the incident is known as:...
- Q37. The person who offers his formal opinion as a testimony about a computer crime incident in...
- Q38. Digital evidence must:
- Q39. Alexis an incident handler for Tech-o-Tech Inc. and is tasked to identify any possible ins...
- Q40. A Malicious code attack using emails is considered as:...
- Q41. Tibs on works as an incident responder for MNC based in Singapore. He is investigating a w...
- Q42. Introduction of malicious programs on to the device connected to the campus network (Troja...
- Q43. What is correct about Quantitative Risk Analysis:...
- Q44. The service organization that provides 24x7 computer security incident response services t...
- Q45. Which among the following CERTs is an Internet provider to higher education institutions a...
- Q46. Computer Forensics is the branch of forensic science in which legal evidence is found in a...
- Q47. A computer forensic investigator must perform a proper investigation to protect digital ev...
- Q48. Joseph is an incident handling and response (IH&R) team lead in Toro Network Solutions...
- Q49. Business Continuity planning includes other plans such as:...
- Q50. An attacker after performing an attack decided to wipe evidence using artifact wiping tech...
- Q51. Eve is an incident handler in ABC organization. One day, she got a complaint about an emai...
- Q52. Which of the following is an incident tracking, reporting and handling tool:...
- Q53. An attack on a network is BEST blocked using which of the following?...
- Q54. James has been appointed as an incident handing and response (IH&R) team lead and was ...
- Q55. Insiders may be:
- Q56. Which test is conducted to determine the incident recovery procedures effectiveness?...
- Q57. Sam received an alert through an email monitoring tool indicating that their company was t...
- Q58. The process of rebuilding and restoring the computer systems affected by an incident to no...
- Q59. Farheen is an incident responder at reputed IT Firm based in Florida. Farheen was asked to...
- Q60. If the browser does not expire the session when the user fails to logout properly, which o...
- Q61. The data on the affected system must be backed up so that it can be retrieved if it is dam...
- Q62. Authorized users with privileged access who misuse the corporate informational assets and ...
- Q63. Which of the following risk management processes identifies the risks, estimates the impac...
- Q64. Who is mainly responsible for providing proper network services and handling network-relat...
- Q65. Contingency planning enables organizations to develop and maintain effective methods to ha...
- Q66. Incident prioritization must be based on:
- Q67. To effectively describe security incidents, it is necessary to adopt a common set of termi...
- Q68. An incident recovery plan is a statement of actions that should be taken before, during or...
- Q69. Spyware tool used to record malicious user's computer activities and keyboard stokes is ca...
- Q70. Which of the following are malicious software programs that infect computers and corruptor...
- Q71. In which of the following phases of the incident handling and response (IH&R) process ...
- Q72. Identify the malicious program that is masked as a genuine harmless program and gives the ...
- Q73. Which of the following is a correct statement about incident management, handling and resp...
- Q74. Matt is an incident handler working for one of the largest social network companies, which...
- Q75. Which of the following details are included in the evidence bags?...
- Q76. The role that applies appropriate technology and tries to eradicate and recover from the i...
- Q77. Business continuity is defined as the ability of an organization to continue to function e...
- Q78. The flow chart gives a view of different roles played by the different personnel of CSIRT....
- Q79. Which of the following is NOT an image integrity tool?...
- Q80. The free utility which quickly scans Systems running Windows OS to find settings that may ...
- Q81. Alexis an incident handler in QWERTY Company. He identified that an attacker created a bac...
- Q82. Quantitative risk is the numerical determination of the probability of an adverse event an...
- Q83. Michael is a part of the computer incident response team of a company. One of his responsi...
- Q84. An incident handler is analyzing email headers to uncover suspicious emails. Which of the ...
- Q85. As an IT security officer, what is the first step you will take after discovering a succes...
- Q86. A distributed Denial of Service (DDoS) attack is a more common type of DoS Attack, where a...
- Q87. To whom should an information security incident be reported?...
- Q88. Allan performed a reconnaissance attack on his corporate network as part of a red-team act...
- Q89. Elizabeth, working for OBC organization as an incident responder, is assessing the risks f...
- Q90. Which of the following is an attack that occurs when a malicious program causes a user's b...
- Q91. Johnson is an incident handler and is working on a recent web application attack faced by ...
- Q92. Which of the following is NOT a digital forensic analysis tool:...
- Q93. Which of the following is not called volatile data?...
- Q94. Which one of the following is Inappropriate Usage Incidents?...
- Q95. The IDS and IPS system logs indicating an unusual deviation from typical network traffic f...
- Q96. To recover, analyze, and preserve computer and related materials in such a way that it can...
- Q97. Which of the following is NOT a network forensic tool?...
- Q98. Malicious downloads that result from malicious office documents being manipulated are caus...
- Q99. Agencies do NOT report an information security incident is because of:...
- Q100. You area systems administrator for a company. You are accessing your fileserver remotely f...
- Q101. Richard is analyzing a corporate network. After an alert in the network's IPS, he identifi...
- Q102. Dan is a newly appointed information security professional in a renowned organization. He ...
- Q103. Which of the following DOES NOT expose a cloud application to hacking?...
- Q104. Jason is setting up a computer forensics lab and must perform the following steps: 1. phys...
- Q105. The free, open source, TCP/IP protocol analyzer, sniffer and packet capturing utility stan...
- Q106. Francis received a spoof email asking for his bank information. He decided to use a tool t...
- Q107. Which of the following can be considered synonymous:...
- Q108. Which of the following forensic investigation phases should occur first?...
- Q109. While analyzing a file, Ryan discovered that an attacker used an anti-forensics method, wh...
- Q110. The flow chart gives a view of different roles played by the different personnel of CSIRT....
- Q111. An information security incident is
- Q112. CERT members can provide critical support services to first responders such as:...
- Q113. A self-replicating virus does not alter files but resides inactive memory and duplicates i...
- Q114. The ability of an agency to continue to function even after a disastrous event, accomplish...
- Q115. Which of the following is not a countermeasure to eradicate inappropriate usage incidents?...
- Q116. The free, open source, TCP/IP protocol analyzer, sniffer and packet capturing utility stan...
- Q117. Drake is an incident handler at Dark Cloud Inc. Heist asked with performing log analysis i...
- Q118. Which of the following risk mitigation strategies involves the execution of controls to re...
- Q119. Nervous Nat often sends emails with screenshots of what he thinks are serious incidents, b...
- Q120. Which of the following is a term that describes the combination of strategies and services...
- Q121. Which of the following is a risk assessment tool:...
- Q122. A threat source does not present a risk if NO vulnerability that can be exercised for a pa...
- Q123. They type of attack that prevents the authorized users to access networks, systems, or app...
- Q124. Dash wants to perform a DoS attack over 256 target URLs simultaneously. Which of the follo...
- Q125. Removing or eliminating the root cause of the incident is called:...
- Q126. XYZ Inc. was affected by a malware attack and James, being the incident handling and respo...
- Q127. The very well-known free open source port, OS and service scanner and network discovery ut...
- Q128. Which policy recommends controls for securing and tracking organizational resources:...
- Q129. Which of the following might be an insider threat?...
- Q130. According to NITS, what are the 5 main actors in cloud computing?...
- Q131. The following steps describe the key activities in forensic readiness planning: 1. Train t...
- Q132. According to the Evidence Preservation policy, a forensic investigator should make at leas...
- Q133. Quantitative risk is the numerical determination of the probability of an adverse event an...
- Q134. The goal of incident response is to handle the incident in a way that minimizes damage and...
- Q135. Which of the following terms refers to vulnerable account management functions, including ...
- Q136. An incident recovery plan is a statement of actions that should be taken before, during or...
- Q137. In which of the following phases of incident handling and response (IH&R) process are ...
- Q138. Clark, a professional hacker, successfully exploited the web application of a target organ...
- Q139. Which of the following best describes an email issued as an attack medium, in which severa...
- Q140. What command does a Digital Forensic Examiner use to display the list of all open ports an...
- Q141. Which of the following GPG 18 and Forensic readiness planning (SPF) principles states that...
- Q142. Which of the following is the BEST method to prevent email incidents?...
- Q143. Jacobi san employee at a firm called Dolphin Investment. While he was on duty, he identifi...
- Q144. Otis is an incident handler working in an organization called Delmont. Recently, the organ...
- Q145. Frederick is in the eradication process in one of the incidents he is handing. Which of th...
- Q146. Rica works as an incident handler for an international company. As part of her role, she m...
- Q147. An organization faced an information security incident where a disgruntled employee passed...
- Q148. Mr.Smith is a lead incident responder of a small financial enterprise, which has a few bra...
