A cybersecurity analyst receives a phone call from an unknown person with the number blocked
on the caller ID. After starting conversation, the caller
... [Show More] begins to request sensitive information.
Which of the following techniques is being applied?
A. Social engineering
B. Phishing
C. Impersonation
D. War dialing ✔✔A
Which of the following is the main benefit of sharing incident details with partner organizations
or external trusted parties during the incident response process?
A. It facilitates releasing incident results, findings and resolution to the media and all appropriate
government agencies
B. It shortens the incident life cycle by allowing others to document incident details and prepare
reports.
C. It enhances the response process, as others may be able to recognize the observed behavior and
provide valuable insight.
D. It allows the security analyst to defer incident-handling activities until all parties agree on how
to proceed with analysis. ✔✔C
The security analyst determined that an email containing a malicious attachment was sent to
several employees within the company, and it was not stopped by any of the email filtering devices.
An incident was declared. During the investigation, it was determined that most users deleted the
email, but one specific user executed the attachment. Based on the details gathered, which of the
following actions should the security analyst perform NEXT?A. Obtain a copy of the email with the malicious attachment. Execute the file on another user's
machine and observe the behavior. Document all findings.
B. Acquire a full backup of the affected machine. Reimage the machine and then restore from the
full backup.
C. Take the affected machine off the network. Review local event logs looking for activity and
processes related to unknown or unauthorized software.
D. Take possession of the machine. Apply the latest OS updates and firmware. Discuss the problem
with the user and return the machine. ✔✔C
Which of the following tools should a cybersecurity analyst use to verify the integrity of a forensic
image before and after an investigation?
A. strings
B. sha1sum
C. file
D. dd
E. gzip ✔✔B [Show Less]