Practice Test: Module 13 Incident Preparation, Response, and Investigation

You are a cybersecurity administrator and have identified a suspicious account in your enterprise network. Which of the following is the best practice for handling such accounts?

Disable the account

Which of the following is a tool used for making a physical copy?

GNU dd

What does the retention policy in an incident response plan define?

How long the evidence of the incident should be kept with the enterprise

Which of the following is a log management tool?

Journalctl

You are a cyber forensic expert. Recently, an enterprise in your jurisdiction experienced a security breach. Which of the following evidence should you examine first?

RAM

An investigation after a security breach in your enterprise proved that the breach occurred after an anonymous phone call to your enterprise telephone network. Which of the following protocols is most likely responsible for the breach?

SIP

Which of the following is a user or process accessing computer systems?

Subject

You are a cybersecurity trainer, and the following are the objectives of an incident response plan listed by a student in a cybersecurity exam. Which of the following is a correct statement?

To contain the spread of the attack

While performing digital forensics, which of the following should you investigate first?

Volatile data

You are investigating a cybercrime, and the attacked enterprise is running different resources in different operating systems. What should you use to analyzing logs in this scenario?

nxlog