Q1
Which of the following is a method to detect an incident? IDS alarm Log analysis 3rd Party
Information Public or attacker announcement All of the above None of the above
Answer: IDS alarm
Q2
Which of the following describes hash analysis? Validating file integrity by matching before and
after hash values Organizing data sets into key and hash value pairs Matching file hash values
against a set of known hash values Identifying file types by analyzing individual hash values
Answer: Validating file integrity by
Q3
Which of the following is NOT a goal of triage?
Answer: Quickly identify indicators of compromise
Q4
What is the order of the stages of attacker methodology?
Answer: Footprinting, Vulnerability
Q5
Exploitation, Foothold, Damage B. Footprinting, Foothold, Vulnerability Exploitation, Damage
Answer: Footprinting, Foothold,
Q6
Why are analysis of file signatures and file extensions helpful to investigators?
Answer: They can identify what the file type is and what the OS will try to open it with
Q7
A forensic image is:
Answer: D. An identical copy of a piece of digital evidence