Alexis is working as an incident responder in XYZ organization. She was asked to identify and attribute the actors behind an attack that took place recently. In order to do so, she is performing threat attribution that deals with the identification of the specific person, society, or a country sponsoring a well-planned and executed intrusion or attack over its target. Which of the following types of threat attributions Alexis performed?
Investigator Ian gives you a drive image to investigate. What type of analysis are you performing?
A social media analytics company uses a cloud-based platform to deploy and manage modular workloads.
Following an alert in a background module, the incident response team began log analysis and configuration reviews. While they had access to deployment artifacts and resource usage settings, they lacked visibility into system-level activity, such as task scheduling and component runtime behavior. This information is needed to determine whether the issue originated from the underlying cloud environment. Who holds primary responsibility for providing such access in this cloud model to support the investigation?
Alex is an incident handler for Tech-o-Tech Inc. and is tasked to identify any possible insider threats within his organization. Which of the following insider threat detection techniques can be used by Alex to detect insider threats based on the behavior of a suspicious employee, both individually and in a group?
SpaceTech Innovations, specializing in space exploration software, encountered malware that camouflaged itself within proprietary algorithms. This stealthy malware intermittently transmitted blueprints to an unknown receiver. With a state-of-the-art code analyzer and a network traffic analyzer at hand, what's the ideal first step?
Identify Sarbanes-Oxley Act (SOX) Title, which consists of only one section, that includes measures designed to help restore investor confidence in the reporting of securities analysts.
A colleague wants to minimize their security responsibility because they are in a small organization. They are evaluating a new application that is offered in different forms. Which form would result in the least amount of responsibility for the colleague?
If a hacker cannot find any other way to attack an organization, they can influence an employee or a disgruntled staff member. What type of threat is this?
James is working as an incident responder at CyberSol Inc. The management instructed James to investigate a cybersecurity incident that recently happened in the company. As a part of the investigation process, James started collecting volatile information from a system running on Windows operating system.
Which of the following commands helps James in determining all the executable files for running processes?
The IT security team of a multinational corporation identifies a breach in its BYOD policy, with several employees' mobile devices infected with spyware through a malicious app. These devices had access to the corporate email system. What is the most immediate action the security team should take?
After a web application attack, HealthFirst traced the breach to an insecure Direct Object Reference (IDOR) vulnerability. They want to patch it and fortify the app. What should be their primary action?
Which of the following encoding techniques replaces unusual ASCII characters with
"%" followed by the character's two-digit ASCII code expressed in hexadecimal?