Set 12 Sample Questions 276 to 300


A customer service department has a business need to send high volumes of confidential information to customers electronically. All emails go through a DLP scanner. Which of the following is the BEST solution to meet the business needs and protect confidential information?

Automatically encrypt impacted outgoing emails

Matt, a security analyst, needs to implement encryption for company data and also prevent theft of company data. Where and how should Matt meet this requirement?

Matt should implement DLP and encrypt the company database.

An incident response team member needs to perform a forensics examination but does not have the required hardware. Which of the following will allow the team member to perform the examination with minimal impact to the potential evidence?

Mounting the drive in read-only mode

A recent intrusion has resulted in the need to perform incident response procedures. The incident response team has identified audit logs throughout the network and organizational systems which hold details of the security breach. Prior to this incident, a security consultant informed the company that they needed to implement an NTP server on the network. Which of the following is a problem that the incident response team will likely encounter during their assessment?

Record time offset

Which of the following are Data Loss Prevention (DLP) strategies that address data in transit issues? (Choose two.)

Scanning of outbound IM (Instant Messaging) & Scanning of HTTP user traffic.

A security technician wishes to gather and analyze all Web traffic during a particular time period. Which of the following represents the BEST approach to gathering the required data?

Configure a proxy server to log all traffic destined for ports 80 and 443.

A forensic analyst is reviewing electronic evidence after a robbery. Security cameras installed at the site were facing the wrong direction to capture the incident. The analyst ensures the cameras are turned to face the proper direction. Which of the following types of controls is being used?

Corrective

Which of the following is a Data Loss Prevention (DLP) strategy and is MOST useful for securing data in use?

Endpoint protection

Computer evidence at a crime is preserved by making an exact copy of the hard disk. Which of the following does this illustrate?

System image capture

Which of the following is a best practice when a mistake is made during a forensics examination?

The examiner should document the mistake and work around the problem.

Which of the following assets is MOST likely considered for DLP?

USB mass storage devices

A security administrator needs to image a large hard drive for forensic analysis. Which of the following will allow for faster imaging to a second hard drive?

dd in=/dev/sda out=/dev/sdb bs=4k

A system administrator is responding to a legal order to turn over all logs from all company servers. The system administrator records the system time of all servers to ensure that:

time offset can be calculated.

An employee recently lost a USB drive containing confidential customer data. Which of the following controls could be utilized to minimize the risk involved with the use of USB drives?

DLP

Which of the following controls would prevent an employee from emailing unencrypted information to their personal email account over the corporate network?

DLP

The Chief Information Officer (CIO) is concerned with moving an application to a SaaS cloud provider. Which of the following can be implemented to provide for data confidentiality assurance during and after the migration to the cloud?

DLP policy

Which of the following should Jane, a security administrator, perform before a hard drive is analyzed with forensics tools?

Capture system image

To ensure proper evidence collection, which of the following steps should be performed FIRST?

Capture the system image

A compromised workstation utilized in a Distributed Denial of Service (DDOS) attack has been removed from the network and an image of the hard drive has been created. However, the system administrator stated that the system was left unattended for several hours before the image was created. In the event of a court case, which of the following is likely to be an issue with this incident?

Chain of custody

Computer evidence at a crime scene is documented with a tag stating who had possession of the evidence at a given time. Which of the following does this illustrate?

Chain of custody

The security manager received a report that an employee was involved in illegal activity and has saved data to a workstation's hard drive. During the investigation, local law enforcement's criminal division confiscates the hard drive as evidence. Which of the following forensic procedures is involved?

Chain of custody

Which of the following is the MOST important step for preserving evidence during forensic procedures?

Chain of custody

The incident response team has received the following email message.
From: [email protected]
To: [email protected]
Subject: Copyright infringement
A copyright infringement alert was triggered by IP address 13.10.66.5 at 09:50:01 GMT.
After reviewing the following web logs for IP 13.10.66.5, the team is unable to correlate and identify the incident.
09:45:33 13.10.66.5 http://remote.site.com/login.asp?user=john
09:50:22 13.10.66.5 http://remote.site.com/logout.asp?user=anne
10:50:01 13.10.66.5 http://remote.site.com/access.asp?file=movie.mov
11:02:45 13.10.65.5 http://remote.site.com/download.asp?movie.mov=ok
Which of the following is the MOST likely reason why the incident response team is unable to identify and correlate the incident?

Incident time offsets were not accounted for.

Joe, a security administrator, is concerned with users tailgating into the restricted areas. Given a limited budget, which of the following would BEST assist Joe with detecting this activity?

Install a camera and DVR at the entrance to monitor access.

