FedVTE Cyber Security Investigations Exam 2023 with
complete solution
Which of the following can be determined by capturing and analyzing network
traffic?
A. Intent of Insider Threat actors and logs of their activity
B. Communication and connections between hosts
C. Open files and Registry handles on individual hosts
D. Firewall and Intrusion Detection rules for the gateway
B. Communication and connections between hosts
Which of the following is a method to detect an incident?
A. IDS alarm
B. Log analysis
C. 3rd Party Information
D. Public or attacker announcement
E. All of the above
F. None of the above
E. All of the above
Which of the following describes hash analysis?
A. Validating file integrity by matching before and after hash values
B. Organizing data sets into key and hash value pairs
C. Matching file hash values against a set of known hash values
D. Identifying file types by analyzing individual hash values
C. Matching file hash values against a set of known hash values
, Which of the following is NOT a goal of triage?
A. Quickly identify indicators of compromise
B. Identify vectors used to compromise the systems
C. Determine normal and abnormal network behavior
D. Determine which systems require in-depth analysis
C. Determine normal and abnormal network behavior
What is the order of the stages of attacker methodology?
A. Footprinting, Vulnerability Exploitation, Foothold, Damage
B. Footprinting, Foothold, Vulnerability Exploitation, Damage
C. Footprinting, Vulnerability Exploitation, Damage, Foothold
D. Vulnerability exploitation, Footprinting, Foothold, Damage
A. Footprinting, Vulnerability Exploitation, Foothold, Damage
Why are analysis of file signatures and file extensions helpful to investigators?
A. They can identify what the file type is and what the OS will try to open it with
B. They can determine if the file was corrupted during transfer
C. They can indicate obfuscation by showing when signatures and extensions do
not match
D. They can show if the file was executed by a user or if it was a drive-by
download
C. They can indicate obfuscation by showing when signatures and extensions do not
match
Subjective data has no purpose in Incident Response considerations.
A. True
B. False
complete solution
Which of the following can be determined by capturing and analyzing network
traffic?
A. Intent of Insider Threat actors and logs of their activity
B. Communication and connections between hosts
C. Open files and Registry handles on individual hosts
D. Firewall and Intrusion Detection rules for the gateway
B. Communication and connections between hosts
Which of the following is a method to detect an incident?
A. IDS alarm
B. Log analysis
C. 3rd Party Information
D. Public or attacker announcement
E. All of the above
F. None of the above
E. All of the above
Which of the following describes hash analysis?
A. Validating file integrity by matching before and after hash values
B. Organizing data sets into key and hash value pairs
C. Matching file hash values against a set of known hash values
D. Identifying file types by analyzing individual hash values
C. Matching file hash values against a set of known hash values
, Which of the following is NOT a goal of triage?
A. Quickly identify indicators of compromise
B. Identify vectors used to compromise the systems
C. Determine normal and abnormal network behavior
D. Determine which systems require in-depth analysis
C. Determine normal and abnormal network behavior
What is the order of the stages of attacker methodology?
A. Footprinting, Vulnerability Exploitation, Foothold, Damage
B. Footprinting, Foothold, Vulnerability Exploitation, Damage
C. Footprinting, Vulnerability Exploitation, Damage, Foothold
D. Vulnerability exploitation, Footprinting, Foothold, Damage
A. Footprinting, Vulnerability Exploitation, Foothold, Damage
Why are analysis of file signatures and file extensions helpful to investigators?
A. They can identify what the file type is and what the OS will try to open it with
B. They can determine if the file was corrupted during transfer
C. They can indicate obfuscation by showing when signatures and extensions do
not match
D. They can show if the file was executed by a user or if it was a drive-by
download
C. They can indicate obfuscation by showing when signatures and extensions do not
match
Subjective data has no purpose in Incident Response considerations.
A. True
B. False
