GCIH - BOOK 1 EXAM QUESTIONS AND
ANSWERS GRADED A+ 2025/2026
System Center Configuration Manager (SCCM) - ANS A software management suite from Microsoft (now called Microsoft Configuration Manager) for managing large fleets of Windows computers. It provides remote control, patch management, operating system deployment, software distribution and inventory, endpoint protection and related services, which makes it a practical way to push patches and configuration changes enterprise-wide during Eradication and Recovery.
Incident Handling - ANS The action or plan for dealing with intrusions, cyber theft, denial of service (DoS) and other computer security related events.
Incident - ANS An adverse event, or the significant threat of one, that results in harm to your computer systems or data. Every incident is an event, but most events are not incidents.
Event - ANS Any observable occurrence in a system and/or network
Incident Handling - 6 Stages - ANS 1. Preparation, 2. Identification, 3. Containment, 4. Eradication, 5. Recovery, 6. Lessons Learned (the PICERL model used in the SANS incident handling process)
Preparation Phase - ANS The goal of this phase is to get the team ready to handle incidents
SPToolkit and PhishMe - ANS Tools for running simulated phishing campaigns against your own users and tracking who opens, clicks or submits credentials. SPToolkit (Simple Phishing Toolkit) is open source; PhishMe (now Cofense) is a commercial service. Used during Preparation for awareness training.
1 @COPYRIGHT 2025/2026 ALL RIGHTS RESERVED.
Suspicious Activity Report (SAR) - ANS A report that a financial institution must file (in the US, with FinCEN under the Bank Secrecy Act) whenever it suspects that transactions totaling $5,000 or more may be related to illegal activity. Incident handlers at financial firms need to know this because a cyber incident that touches such transactions can trigger a filing obligation.
Reasons to Notify Law Enforcement of an Incident - ANS - Threat to public health or safety
- Substantial impact on a third party
- Legal requirement based on the industry (e.g. regulated sectors with mandatory reporting)
War Room - ANS A dedicated physical space where the incident team can work and display sensitive case information without exposing it to others. It should have a lockable door and a lockable file cabinet.
GRR Rapid Response - ANS A free, open-source tool maintained by Google for large-scale remote incident response and hunt teaming. Agents installed on endpoints let analysts pull in-depth forensic artifacts (files, registry keys, process listings and similar) from many systems at once from a central server; it could also perform remote memory analysis when coupled with Rekall (now discontinued).
Jump Bag - ANS A portable kit containing items that are useful for handling an incident
Sleuth Kit and Autopsy, EnCase, Forensic Toolkit (FTK), and X-Ways Forensics - ANS Examples of forensic software. The Sleuth Kit and its Autopsy front end are open source; EnCase, FTK and X-Ways are commercial products.
SANS Investigative Forensic Toolkit (SIFT) - ANS A free Ubuntu-based virtual machine (distributed as a VMware appliance) that includes hundreds of tools for analyzing an incident, among them The Sleuth Kit, log2timeline (plaso), Wireshark, Volatility, ssdeep and md5deep.
log2timeline - ANS The front end of the plaso framework that extracts timestamps from many artifact types (file system metadata, event logs, browser history, registry hives, etc.) into a single normalized "super timeline", so that events recorded by different sources on different systems can be ordered and correlated.
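The value of a super timeline is that heterogeneous timestamps (no year in syslog, local time on one host, UTC on another, different string formats) end up on one UTC axis. The script below is an added example written for this page; it is not part of the original card set or of the plaso/log2timeline project. It parses three constructed artifact types (a Linux auth.log excerpt, an exported Windows Security event list and an Apache access log; all hosts, users and IP addresses are made up), normalizes them to UTC, sorts them into one timeline and pivots on a suspicious login to show what else happened around it. The syslog year and local time zone are assumptions, because classic syslog records neither.

```python
"""Correlate events from several log sources on one UTC timeline.

Added example (not from the original page or from the log2timeline/plaso
project) showing the idea behind a "super timeline": timestamps written in
different formats, by hosts in different time zones, are normalized to UTC and
sorted so that activity on one system can be lined up against another. Every
log line, host, user and IP address below is constructed for this example.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed Linux auth.log excerpt. Classic syslog carries no year and no
# zone, so both are analyst assumptions (here: 2024 and UTC-4).
SYSLOG_YEAR = 2024
SYSLOG_TZ = timezone(timedelta(hours=-4))
SYSLOG_LINES = [
    "Jun 12 14:03:11 web01 sshd[2210]: Accepted password for deploy from 203.0.113.7 port 51022 ssh2",
    "Jun 12 14:05:40 web01 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/bin/bash",
]
# Constructed export of Windows Security events: ISO 8601 with explicit offset.
WINEVT_LINES = [
    "2024-06-12T18:04:02+00:00,4624,DC01,Logon Type 3 for user deploy from 10.0.5.23",
    "2024-06-12T18:06:15+00:00,4672,DC01,Special privileges assigned to new logon for deploy",
]
# Constructed Apache access log in Common Log Format (numeric UTC offset).
APACHE_HOST = "web01"
APACHE_LINES = [
    '203.0.113.7 - - [12/Jun/2024:18:02:50 +0000] "GET /wp-login.php HTTP/1.1" 200 1342',
    '203.0.113.7 - - [12/Jun/2024:18:07:01 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 87',
]

SYSLOG_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$"
)
CLF_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+$')


@dataclass(frozen=True)
class TimelineEntry:
    timestamp: datetime  # always timezone-aware and in UTC
    source: str
    host: str
    description: str

    def as_row(self) -> str:
        return f"{self.timestamp.isoformat()}\t{self.source}\t{self.host}\t{self.description}"


def parse_syslog(line: str, year: int = SYSLOG_YEAR, tz: timezone = SYSLOG_TZ) -> TimelineEntry:
    """Parse a classic syslog line, attaching the assumed year and zone, then convert to UTC."""
    m = SYSLOG_RE.match(line)
    if m is None:
        raise ValueError(f"not a syslog line: {line!r}")
    local = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    return TimelineEntry(local.replace(tzinfo=tz).astimezone(timezone.utc), "syslog", m["host"], m["msg"])


def parse_winevt(line: str) -> TimelineEntry:
    """Parse one 'timestamp,eventid,host,message' row; the ISO timestamp carries its own offset."""
    ts, event_id, host, msg = line.split(",", 3)
    when = datetime.fromisoformat(ts)
    if when.tzinfo is None:
        raise ValueError(f"naive timestamp, zone unknown: {ts!r}")
    return TimelineEntry(when.astimezone(timezone.utc), "winevt", host, f"EventID {event_id}: {msg}")


def parse_apache(line: str, host: str = APACHE_HOST) -> TimelineEntry:
    """Parse a Common Log Format line; %z consumes the '+0000' style offset."""
    m = CLF_RE.match(line)
    if m is None:
        raise ValueError(f"not a CLF line: {line!r}")
    when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return TimelineEntry(when.astimezone(timezone.utc), "apache", host, f'{m["ip"]} "{m["req"]}" {m["status"]}')


def build_timeline() -> list[TimelineEntry]:
    """Merge every source into one list sorted by UTC timestamp."""
    entries = [parse_syslog(line) for line in SYSLOG_LINES]
    entries += [parse_winevt(line) for line in WINEVT_LINES]
    entries += [parse_apache(line) for line in APACHE_LINES]
    return sorted(entries, key=lambda e: e.timestamp)


def events_around(timeline: list[TimelineEntry], pivot: datetime, minutes: int) -> list[TimelineEntry]:
    """Return entries within +/- `minutes` of a pivot time, regardless of source."""
    window = timedelta(minutes=minutes)
    return [e for e in timeline if abs(e.timestamp - pivot) <= window]


if __name__ == "__main__":
    timeline = build_timeline()
    for entry in timeline:
        print(entry.as_row())
    # Pivot on the SSH login and show what else happened within two minutes of it.
    pivot = next(e for e in timeline if "Accepted password" in e.description)
    print("\n--- events within 2 minutes of the SSH login ---")
    for entry in events_around(timeline, pivot.timestamp, 2):
        print(entry.as_row())
```

Note how the 14:03 syslog login lands between the 18:02 web request and the 18:04 domain logon once the assumed UTC-4 offset is applied; with the wrong zone assumption the same events would appear four hours apart and the correlation would be lost. This is the pitfall the real tool's timezone options exist for.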
Volatility - ANS An open-source memory forensics framework for analyzing memory images (RAM dumps): listing processes and network connections, enumerating loaded modules and handles, detecting injected code, and extracting artifacts such as command histories and registry data from memory.