Where did the incident response team fail?

An incident response team is handling a worm infection among their user workstations. They created an IPS signature to detect and block worm activity on the border IPS, then removed the worm’s artifacts or workstations triggering the rule. Despite this action, worm activity continued for days after. Where did the incident response team fail? A. The team did […]


Which control was the first to fail?

A legacy server on the network was breached through an OS vulnerability with no patch available. The server is used only rarely by employees across several business units. The theft of information from the server goes unnoticed until the company is notified by a third party that sensitive information has been posted on the Internet. Which control was […]


What is the purpose of this command?

At the start of an investigation on a Windows system, the lead handler executes the following commands after inserting a USB drive. What is the purpose of this command? C:\>dir /s /a dhsra d:\ >a:\IRCD.txt A. To create a file on the USB drive that contains a listing of the […]


Why would the pass action be used in a Snort configuration file?

Why would the pass action be used in a Snort configuration file? A. The pass action simplifies some filtering by specifying what to ignore. B. The pass action passes the packet onto further rules for immediate analysis. C. The pass action serves as a placeholder in the Snort configuration file for future rule updates. D. […]
