Practice Test: Module 13 Incident Preparation, Response, and Investigation
You are a cybersecurity administrator and have identified a suspicious account in your enterprise network. Which of the following is the best practice for handling such accounts?
Disable the account
Which of the following is a tool used for making a physical copy?
GNU dd
What does the retention policy in an incident response plan define?
How long the evidence of the incident should be kept with the enterprise
Which of the following is a log management tool?
Journalctl
You are a cyber forensic expert. Recently, an enterprise in your jurisdiction experienced a security breach. Which of the following evidence should you examine first?
RAM
An investigation after a security breach in your enterprise proved that the breach occurred after an anonymous phone call to your enterprise telephone network. Which of the following protocols is most likely responsible for the breach?
SIP
Which of the following is a user or process accessing computer systems?
Subject
You are a cybersecurity trainer, and a student listed the following objectives of an incident response plan in a cybersecurity exam. Which of the following is a correct statement?
To contain the spread of the attack
While performing digital forensics, which of the following should you investigate first?
Volatile data
You are investigating a cybercrime, and the attacked enterprise is running different resources on different operating systems. What should you use to analyze logs in this scenario?
nxlog