(latest update 2023) WGU C842 - CyberDefense and CounterMeasures (EC Council CIH v2) Verified And Rated 100% Correct!!
Which of the following information security elements ensures that the information is accessible only to those who are authorized to have access?
A authenticity B confidentiality C integrity D availability - Answer B

Identify the information security element that determines trustworthiness of data or resources in terms of preventing improper and unauthorized changes.
A integrity B availability C authenticity D non-repudiation - Answer A

John, a security professional working for Xdoc Corporation, is implementing a security strategy that uses multilayered protection throughout an information system to help minimize any adverse impact from attacks on organizational assets. Identify the security strategy John has implemented.
A covert channel B defense-in-depth C likelihood analysis D three-way handshake - Answer B

Identify the security policy that doesn't keep any restrictions on the usage of system resources.
A promiscuous policy B prudent policy C paranoid policy D permissive policy - Answer A

Carl is trying to violate the acceptable use of a network and computer use policy. Under which category of the incident handling criteria does this scenario fall?
A CAT 4 B CAT 2 C CAT 1 D CAT 3 - Answer A

In which of the following stages of incident handling does classification and prioritization of incidents take place?
A incident recording and assignment B incident containment C post-incident activities D incident triage - Answer D

Which of the following terms reflects an organization's mid-term and long-term goals for incident management capabilities?
A IH&R team models B IH&R mission C IH&R staffing D IH&R vision - Answer D

Which of the following terms defines the purpose and scope of the planned incident handling and response capabilities?
A IH&R mission B IH&R staffing C IH&R team models D IH&R vision - Answer A

Which of the following backup strategies provides daily status of the backup situation, such as successful, unsuccessful, not run, out of space, etc.?
A security B guarantee C data availability D notifications - Answer D

John is an incident response manager at XYZ Inc. As a part of IH&R policy of his organization, he signed a contract between the organization and a third-party insurer to protect organization individuals from different threats and risks. What is the contract signed by John called?
A escrow agreement B disclosure agreement C ROE agreement D cyber insurance - Answer D

Jason is an incident handler at The Rolls Inc. One day his organization encounters a massive cyberattack, and he identifies a virus called "XYZ@ZYX" spreading among the computers in the network (AKA, a level CAT 3 attack). He has started investigating the issue; however, as an incident handler, within how much time from detection of such malicious code attacks should he report to the authorities?
A one week B one fortnight C three hours D one hour - Answer D

Which of the following phases of the computer forensics investigation process involves acquisition, preservation, and analysis of evidentiary data to identify the source of a crime and the culprit behind it?
A pre-investigation phase B investigation phase C vulnerability assessment phase D post-investigation phase - Answer B

Which of the following activities is performed by an incident handler during the pre-investigation phase of computer forensics?
A search and seizure B evidence assessment C data acquisition D risk assessment - Answer D

James, an incident responder at Trinity Inc., is investigating a cybercrime. In the process, he collected the evidence data from the victim systems and started analyzing the collected data. Identify the computer forensics investigation phase James is currently in.
A risk assessment phase B post-investigation phase C pre-investigation phase D investigation phase - Answer D

Which of the following terms refers to an organization's ability to make optimal use of digital evidence in a limited period of time and with minimal investigation costs?
A expert testimony B forensic readiness C data acquisition D first response - Answer B

Which of the following forensic readiness procedures helps an incident responder in gathering useful information about the system behavior through file integrity monitoring?
A host monitoring B risk assessment C network monitoring D evidence assessment - Answer A

Flora is an incident handler at an organization that is implementing forensic readiness procedures to handle evolving cyber threats. As part of this process, she decided to use an advanced authentication protocol to secure the organizational network resources. Which of the following protocols must Flora employ?
A Kerberos/IPSec B ICMP/UDP C TCP/IP D FTP/HTTP - Answer A

Which of the following sources of evidence helps an incident responder to collect information that guides him or her in building the timeline of attack?
A financial services B job services C social networks D online location tracking - Answer C

Which of the following terms refers to a legal document that demonstrates the progression of evidence as it travels from the original evidence location to the forensic laboratory?
A forensic policy B promiscuous policy C chain of custody D forensic readiness plan - Answer C

Which of the following malware components is a program that conceals its code and intended purpose via various techniques, making it hard for security mechanisms to detect or remove it?
A injector B exploit C packer D obfuscator - Answer D

Which of the following malware distribution techniques involves exploiting flaws in browser software to install malware just by visiting a webpage?
A spear-phishing sites B social engineered click-jacking C compromised legitimate websites D drive-by downloads - Answer D

In memory dump analysis, which of the following tools is used for disassembling and debugging malware?
A IDA Pro B FLOSS C Hakiri D ASPack - Answer A

Which of the following malware detection techniques is employed in intrusion analysis to identify the transfer of any unwanted traffic to malicious or unknown external entities?
A covert malware beaconing B SSDT patching C covert C&C communication D kernel filter drivers - Answer C

In live system analysis, which of the following tools is used to monitor the scheduled tasks?
A Runscope B AlertSite C Sonar D CronitorCLI - Answer D

Which of the following commands helps in finding the manipulated system functions while performing memory dump analysis using Volatility Framework?
A threads B apihooks C idt D filescan - Answer B

Which of the following is NOT a static malware analysis technique?
A file fingerprinting B windows services monitoring C malware disassembly D local and online malware scanning - Answer B

In eradicating malware incidents, what is the name of the method used to block the harmful URLs, IP addresses, and email IDs that have acted as a source for spreading malware?
A manual scan B fixing devices C blacklist D updating the malware database - Answer C

Which of the following phishing attacks targets high-profile executives, like CEOs, CFOs, politicians, and celebrities, who have complete access to confidential and highly valuable information?
A spear phishing B spimming C pharming D whaling - Answer D

Which of the following phishing attacks is also known as "phishing without a lure"?
A spimming B spear phishing C pharming D whaling - Answer C

Which of the following phishing attacks exploits instant-messaging platforms to flood spam across the networks?
A puddle phishing B CEO scam C pharming D spimming - Answer D

Identify the phishing attack in which an attacker imitates the email writing style and other content to make his or her activities seem legitimate.
A pharming B puddle phishing C CEO scam D spimming - Answer C

Identify the email crime in which a flurry of junk mail is sent by accident without human intervention.
A mail bombing B mail storming C identity theft D malware distribution - Answer B

Which of the following elements of an email header shows a detailed log of a message's history, such as the origin of an email and information on forgeries?
A Subject B Received C X-Mailer D Message-Id - Answer B

What does the Neutral result on the Domain Keys Identified Mail (DKIM) protocol indicate?
A The email is signed, but the signature has syntax errors, so it cannot be processed.
B The email is signed and the signature passes the verification tests.
C The email is signed and the signature does not pass the verification tests.
D The email is signed, and some part of signature is not acceptable by administrative management domains (ADMD).
- Answer A

What can be the result of Sender Policy Framework (SPF) protocol when the SPF record cannot be verified due to syntax or format errors in the record?
A TempError B Neutral C Pass D PermError - Answer D

Which of the following Wireshark filters is used to locate duplicate IP address traffic?
A cate-traffic-detected B cate-address-detected C cate-traffic-detected D cate-address-detected - Answer B

Which of the following Wireshark filters is used to view the packets with FIN, PSH, and URG TCP flags set for detecting Xmas scan attempts?
A ==0X029 B rt==7 C TCP.flags==0x000 D rt==25 - Answer A

From the following, identify the Wireshark filter that is used to view the packets moving without a flag set while performing the Null scan attempts.
A TCP.flags==0x000 B ==0X029 C rt==25 D rt==7 - Answer A

Which of the following terms is considered as a process of scanning an IP range to detect live hosts?
A port scanning B social engineering C ping sweeping D DNS footprinting - Answer C

An act of tricking people to reveal sensitive information is involved in which type of Reconnaissance technique?
A social engineering B port scanning C DNS footprinting D ping sweeping - Answer A

Identify the type of DoS/DDoS incident in which the magnitude of attack is measured in bits per second (bps).
A volumetric attack B transport layer attack C protocol attack D application layer attack - Answer A

Identify the type of DoS/DDoS incident in which the magnitude of attack is measured in packets per second (pps).
A protocol attack B volumetric attack C transport layer attack D application layer attack - Answer A

Identify the metric that is used to measure the magnitude of application layer attacks.
A bits per second (bps) B packets per second (pps) C cycles per second (cps) D requests per second (rps) - Answer D
Written for
- Institution: Western Governors University
- Course: Wgu physical assessment Oa
Document information
- Uploaded on: 27 March 2023
- Number of pages: 41
- Written in: 2022/2023
- Type: Exam (elaborations)
- Contains: Questions and answers