CompTIA Cybersecurity Analyst (CySA+) - Module 3: Cyber Incident Response Exam Solved 100%
1. Which of the following describes a rudimentary threat that would be picked up by an anti-virus or IPS?
   Known Threat / Unknown threat / Zero-day threat / Advanced Persistent Threat
   Answer: Known Threat

2. Which of the following describes a threat coming from a well-trained attacker such as another country?
   Known Threat / Unknown threat / Zero-day threat / Advanced Persistent Threat
   Answer: Advanced Persistent Threat

3. Which of the following describes a threat unknown to the local IT department but otherwise currently known?
   Known Threat / Unknown threat / Zero-day threat / Advanced Persistent Threat
   Answer: Unknown threat

4. Which of the following describes a threat with no known solution or fix?
   Known Threat / Unknown threat / Zero-day threat / Advanced Persistent Threat
   Answer: Zero-day threat

5. When considering the severity of an incident and implementing various remedies to it, which of the following is the greatest limiter in implementing a security control?
   Economic / Recovery Time / Scope / Data Integrity
   Answer: Economic

6. What type of data would include information such as addresses, full names and social security numbers?
   PII / PHI / PCI / IP
   Answer: PII

7. What type of information would include card numbers, CVV and PIN?
   PII / PHI / PCI / IP
   Answer: PCI

8. When protecting your payment card information, it should be noted that you will never have to distribute your PIN number.
   True / False
   Answer: True

9. When determining the severity of an incident, the associated downtime is measured by determining how long the system has been down thus far.
   True / False
   Answer: False

10. Which of the following can be found in a forensics toolkit? Choose all that apply.
    Write blocker / Read blocker / Cameras / Zip ties
    Answer: Write blocker & Cameras

11. Generally, what is considered to be the minimal acceptable RAM on an enterprise forensic workstation?
    16GB / 32GB / 64GB / 128GB
    Answer: 32GB

12. A forensic workstation should not have access to the internet, in order to prevent compromising the sensitive data on the system.
    True / False
    Answer: True

13. Simply denying write permissions is adequate for ensuring a system is producing valid evidence.
    True / False
    Answer: False

14. Why are devices such as write blockers and forensic workstations utilized while collecting evidence?
    Efficient data retrieval / Due diligence / To maintain integrity of evidence / To guarantee enough evidence is collected
    Answer: To maintain integrity of evidence

15. Which of the following will best guarantee that evidence will be preserved on a machine?
    Live acquisition / Shutting down the computer / Pulling the plug / Packet capture
    Answer: Pulling the plug (Never do this!)

16. Which of the following will best capture the most possible evidence but might result in changing data?
    Live acquisition / Shutting down the computer / Pulling the plug / Packet capture
    Answer: Live acquisition
Document information
- Written for: CompTIA CySA+ (course)
- Uploaded on: September 13, 2023
- Number of pages: 15
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers