An analyst needs to forensically examine a Windows machine that was compromised by a threat
actor.
Intelligence reports state this specific threat actor
... [Show More] is characterized by hiding malicious artifacts,
especially with
alternate data streams. Based on this intelligence, which of the following BEST explains alternate
data
streams?
A. A different way data can be streamlined if the user wants to use less memory on a Windows
system for
forking resources
B. A way to store data on an external drive attached to a Windows machine that is not readily
accessible to
users
C. A windows attribute that provides for forking resources and is potentially used to hide the
presence of
secret or malicious files inside the file records of a benign file
D. A Windows attribute that can be used by attackers to hide malicious files within system memory
✔✔D. A Windows attribute that can be used by attackers to hide malicious files within system
memory
An executive assistant wants to onboard a new cloud-based product to help with business analytics
and
dashboarding. Which of the following would be the BEST integration option for this service?
A. Manually log in to the service and upload data files on a regular basis.
B. Have the internal development team script connectivity and file transfers to the new service.
C. Create a dedicated SFTP site and schedule transfers to ensure file transport security.D. Utilize the cloud product's API for supported and ongoing integrations. ✔✔D. Utilize the cloud
product's API for supported and ongoing integrations
Data spillage occurred when an employee accidentally emailed a sensitive file to an external
recipient. Which
of the following controls would have MOST likely prevented this incident?
A. SSO
B. DLP
C. WAF
D. VDI ✔✔B. DLP
A development team is testing a new application release. The team needs to import existing client
PHI data
records from the production environment to the test environment to test accuracy and functionality.
Which of
the following would BEST protect the sensitivity of this data while still allowing the team to
perform the
testing?
A. Deidentification
B. Encoding
C. Encryption
D. Watermarking ✔✔A. Deidentification
Which of the following are components of the intelligence cycle? (Select TWO).
A. Collection
B. Normalization
C. Response
D. Analysis
E. Correction
F. Dissension ✔✔A. Collection
D. AnalysisDuring an investigation, a security analyst identified machines that are infected with malware the
antivirus was
unable to detect. Which of the following is the BEST place to acquire evidence to perform data
carving?
A. The system memory
B. The hard drive
C. Network packets
D. The Windows Registry ✔✔A. The system memory
A SIEM solution alerts a security analyst of a high number of login attempts against the company's
webmail
portal. The analyst determines the login attempts used credentials from a past data breach. Which
of the
following is the BEST mitigation to prevent unauthorized access?
A. Single sign-on
B. Mandatory access control
C. Multifactor authentication
D. Federation
E. Privileged access management ✔✔C. Multifactor authentication [Show Less]